Apple watchOS vulnerabilities

1,895 known vulnerabilities affecting apple/watchos.

Total CVEs: 1,895
CISA KEV: 51 (actively exploited)
Public exploits: 123
Exploited in wild: 40
Severity breakdown: CRITICAL 140, HIGH 970, MEDIUM 715, LOW 68, UNKNOWN 2

Vulnerabilities

CVE-2021-30943 | MEDIUM | CVSS 4.3 | fixed in 8.3 | ≥ unspecified, < 8.3, +2 more | 2021-08-24
CVE-2021-30943 [MEDIUM] CWE-613: An issue in the handling of group membership was resolved with improved logic. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1. A malicious user may be able to leave a messages group but continue to receive messages in that group.
Sources: nvd, apple
CVE-2021-30855 | MEDIUM | CVSS 5.5 | fixed in 8.0 | 2021-08-24
CVE-2021-30855 [MEDIUM] CWE-59: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. An application may be able to access restricted files.
Sources: nvd
CVE-2021-30946 | MEDIUM | CVSS 5.5 | fixed in 8.3 | ≥ unspecified, < 8.3 | 2021-08-24
CVE-2021-30946 [MEDIUM]: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. A malicious application may be able to bypass certain Privacy preferences.
Sources: nvd, apple
CVE-2021-30905 | MEDIUM | CVSS 5.5 | fixed in 8.1 | 2021-08-24
CVE-2021-30905 [MEDIUM] CWE-125: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina. Processing a maliciously crafted file may disclose user information.
Sources: nvd, apple
CVE-2021-30890 | MEDIUM | CVSS 6.1 | fixed in 8.1 | 2021-08-24
CVE-2021-30890 [MEDIUM] CWE-79: A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting.
Sources: nvd, apple
CVE-2021-30896 | MEDIUM | CVSS 5.5 | fixed in 8.1 | 2021-08-24
CVE-2021-30896 [MEDIUM]: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to read user's gameplay data.
Sources: nvd, apple
CVE-2021-30944 | MEDIUM | CVSS 5.5 | fixed in 8.3 | ≥ unspecified, < 8.3, +2 more | 2021-08-24
CVE-2021-30944 [MEDIUM]: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious app may be able to access data from other apps by enabling additional logging.
Sources: nvd, apple
CVE-2021-30895 | MEDIUM | CVSS 5.5 | fixed in 8.1 | 2021-08-24
CVE-2021-30895 [MEDIUM]: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to access information about a user's contacts.
Sources: nvd, apple
CVE-2021-31007 | MEDIUM | CVSS 5.5 | fixed in 8.1 | ≥ unspecified, < 8.1, +3 more | 2021-08-24
CVE-2021-31007 [MEDIUM] CWE-276: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences.
Sources: nvd, apple
CVE-2021-30968 | MEDIUM | CVSS 5.5 | fixed in 8.3 | ≥ unspecified, < 8.3 | 2021-08-24
CVE-2021-30968 [MEDIUM] CWE-59: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to bypass certain Privacy preferences.
Sources: nvd, apple
CVE-2021-31006 | MEDIUM | CVSS 5.5 | fixed in 7.6 | ≥ unspecified, < 7.6 | 2021-08-24
CVE-2021-31006 [MEDIUM] CWE-276: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences.
Sources: nvd
CVE-2021-30887 | MEDIUM | CVSS 6.5 | fixed in 8.1 | 2021-08-24
CVE-2021-30887 [MEDIUM]: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy.
Sources: nvd, apple
CVE-2021-30871 | MEDIUM | CVSS 5.5 | fixed in 7.6 | 2021-08-24
CVE-2021-30871 [MEDIUM]: This issue was addressed with a new entitlement. This issue is fixed in iOS 14.7, watchOS 7.6, macOS Big Sur 11.5. A local attacker may be able to access analytics data.
Sources: nvd
CVE-2021-30915 | LOW | CVSS 2.4 | fixed in 8.1 | 2021-08-24
CVE-2021-30915 [LOW]: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to determine characteristics of a user's password in a secure text entry field.
Sources: nvd, apple
CVE-2021-31000 | LOW | CVSS 3.3 | fixed in 8.3 | ≥ unspecified, < 8.3, +2 more | 2021-08-24
CVE-2021-31000 [LOW] CWE-276: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information.
Sources: nvd, apple
CVE-2021-36976 | MEDIUM | CVSS 6.5 | fixed in 8.5 | 2021-07-20
CVE-2021-36976 [MEDIUM] CWE-416: libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
Sources: nvd, apple
CVE-2021-21779 | HIGH | CVSS 8.8 | v7.5 | 2021-05-24
CVE-2021-21779 [HIGH]: watchOS 7.5 Apple Security Update: About the security content of watchOS 7.5. Product: watchOS. Version: 7.5. CVE: CVE-2021-21779. Component: WebKit. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A use after free issue was addressed with improved memory management.
Sources: apple
CVE-2021-1818 | CRITICAL | CVSS 9.8 | fixed in 7.3 | 2021-04-02
CVE-2021-1818 [CRITICAL]: A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
Sources: nvd
CVE-2021-1747 | HIGH | CVSS 7.8 | fixed in 7.3 | 2021-04-02
CVE-2021-1747 [HIGH] CWE-787: An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing maliciously crafted web content may lead to code execution.
Sources: nvd
CVE-2020-27931 | HIGH | CVSS 7.8 | fixed in 7.0 | ≥ unspecified, < 7.0 | 2021-04-02
CVE-2020-27931 [HIGH] CWE-787: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may
Sources: nvd, apple