Apple watchOS vulnerabilities
1,895 known vulnerabilities affecting apple/watchos.
Total CVEs
1,895
CISA KEV
51
actively exploited
Public exploits
123
Exploited in wild
40
Severity breakdown
CRITICAL140HIGH970MEDIUM715LOW68UNKNOWN2
Vulnerabilities
Page 56 of 95
CVE-2019-8525MEDIUMCVSS 6.7fixed in 5.22020-10-27
CVE-2019-8525 [MEDIUM] CWE-787 CVE-2019-8525: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary c
nvdapple
CVE-2019-8664MEDIUMCVSS 6.5fixed in 5.2.1≥ unspecified, < 5.22020-10-27
CVE-2019-8664 [MEDIUM] CWE-20 CVE-2019-8664: An input validation issue was addressed with improved input validation. This issue is fixed in iOS 1
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.
nvdapple
CVE-2019-8744MEDIUMCVSS 5.5fixed in 6.0≥ unspecified, < 62020-10-27
CVE-2019-8744 [MEDIUM] CWE-787 CVE-2019-8744: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with imp
A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout.
nvd
CVE-2019-8532MEDIUMCVSS 5.5fixed in 5.2≥ unspecified, < 5.22020-10-27
CVE-2019-8532 [MEDIUM] CVE-2019-8532: A permissions issue was addressed by removing vulnerable code and adding additional checks. This iss
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in watchOS 5.2, iOS 12.2. A malicious application may be able to access restricted files.
nvdapple
CVE-2018-4390MEDIUMCVSS 5.5fixed in 4.32020-10-27
CVE-2018-4390 [MEDIUM] CVE-2018-4390: An inconsistent user interface issue was addressed with improved state management. This issue is fix
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.
nvdapple
CVE-2018-4391MEDIUMCVSS 5.5fixed in 4.32020-10-27
CVE-2018-4391 [MEDIUM] CVE-2018-4391: An inconsistent user interface issue was addressed with improved state management. This issue is fix
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.
nvdapple
CVE-2019-8753MEDIUMCVSS 6.1fixed in 6.0≥ unspecified, < 62020-10-27
CVE-2019-8753 [MEDIUM] CWE-79 CVE-2019-8753: This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack.
nvd
CVE-2019-8796MEDIUMCVSS 5.3fixed in 6.12020-10-27
CVE-2019-8796 [MEDIUM] CVE-2019-8796: A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1,
A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode.
nvdapple
CVE-2019-8538MEDIUMCVSS 5.5fixed in 5.22020-10-27
CVE-2019-8538 [MEDIUM] CVE-2019-8538: A denial of service issue was addressed with improved validation. This issue is fixed in watchOS 5.2
A denial of service issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. Processing a maliciously crafted vcf file may lead to a denial of service.
nvdapple
CVE-2019-8528MEDIUMCVSS 6.7fixed in 5.22020-10-27
CVE-2019-8528 [MEDIUM] CWE-416 CVE-2019-8528: A use after free issue was addressed with improved memory management. This issue is fixed in watchOS
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges.
nvdapple
CVE-2018-4433MEDIUMCVSS 5.5fixed in 5.0≥ unspecified, < 52020-10-27
CVE-2018-4433 [MEDIUM] CVE-2018-4433: A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojav
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the file system.
nvd
CVE-2019-8850MEDIUMCVSS 5.5≥ unspecified, < 62020-10-27
CVE-2019-8850 [MEDIUM] CWE-125 CVE-2019-8850: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Cat
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may disclose restricted memory.
nvd
CVE-2019-8668MEDIUMCVSS 5.5fixed in 5.3≥ unspecified, < 5.32020-10-27
CVE-2019-8668 [MEDIUM] CWE-20 CVE-2019-8668: A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, t
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. Processing a maliciously crafted image may lead to a denial of service.
nvdapple
CVE-2019-8799LOWCVSS 2.4fixed in 6.0≥ unspecified, < 62020-10-27
CVE-2019-8799 [LOW] CVE-2019-8799: This issue was resolved by replacing device names with a random identifier. This issue is fixed in i
This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.
nvd
CVE-2019-8856LOWCVSS 3.3fixed in 6.1.12020-10-27
CVE-2019-8856 [LOW] CVE-2019-8856: An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was add
An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. Calls made using Siri may be initiated using the wrong cellular
nvdapple
CVE-2019-8809LOWCVSS 3.3fixed in 6.0≥ unspecified, < 62020-10-27
CVE-2019-8809 [LOW] CVE-2019-8809: A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, i
A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier.
nvd
CVE-2020-9868CRITICALCVSS 9.1fixed in 6.2.8≥ unspecified, < watchOS 6.2.82020-10-22
CVE-2020-9868 [CRITICAL] CWE-295 CVE-2020-9868: A certificate validation issue existed when processing administrator added certificates. This issue
A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been able to impersonate a trusted website using shared key material for an ad
nvdapple
CVE-2020-9906CRITICALCVSS 9.1fixed in 6.2.8≥ unspecified, < watchOS 6.2.82020-10-22
CVE-2020-9906 [CRITICAL] CWE-20 CVE-2020-9906: A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
nvdapple
CVE-2020-9920CRITICALCVSS 9.1fixed in 6.2.8≥ unspecified, < watchOS 6.2.82020-10-22
CVE-2020-9920 [CRITICAL] CWE-22 CVE-2020-9920: A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iP
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files.
nvdapple
CVE-2020-9882HIGHCVSS 7.8fixed in 6.2.8≥ unspecified, < watchOS 6.2.82020-10-22
CVE-2020-9882 [HIGH] CWE-120 CVE-2020-9882: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
nvdapple