Apple watchOS vulnerabilities
1,895 known vulnerabilities affecting apple/watchos.
Total CVEs: 1,895
CISA KEV: 51 (actively exploited)
Public exploits: 123
Exploited in wild: 40
Severity breakdown: CRITICAL 140, HIGH 970, MEDIUM 715, LOW 68, UNKNOWN 2
Vulnerabilities
CVE-2019-8568 | MEDIUM | CVSS 5.5 | CWE-59 | fixed in 5.2.1 | ≥ unspecified, < watchOS 5.2.1 | 2019-12-18
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system.
nvd, apple
CVE-2019-8597 | MEDIUM | CVSS 6.5 | CWE-787 | fixed in 5.1.1 | 2019-12-18
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2019-8775 | LOW | CVSS 2.4 | fixed in 6.1 | 2019-12-18
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.
nvd, apple
CVE-2019-8541 | LOW | CVSS 3.3 | fixed in 5.2 | ≥ unspecified, < watchOS 5.2 | 2019-12-18
A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs.
nvd, apple
CVE-2019-8502 | LOW | CVSS 3.3 | CWE-20 | fixed in 5.2 | ≥ unspecified, < watchOS 5.2 | 2019-12-18
An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.
nvd, apple
CVE-2019-8682 | LOW | CVSS 2.4 | CWE-306 | fixed in 5.3 | ≥ unspecified, < watchOS 5.3 | 2019-12-18
The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen.
nvd, apple
CVE-2019-8548 | LOW | CVSS 2.4 | CWE-459 | fixed in 5.2 | ≥ unspecified, < watchOS 5.2 | 2019-12-18
An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep.
nvd, apple
CVE-2019-15163 | HIGH | CVSS 7.5 | v6.1.1 | 2019-12-10
Apple Security Update: About the security content of watchOS 6.1.1
Product: watchOS
Version: 6.1.1
CVE: CVE-2019-15163
Component: CVE-2019-15163
apple
CVE-2019-15903 | HIGH | CVSS 7.5 | v6.1.1 | 2019-12-10
Apple Security Update: About the security content of watchOS 6.1.1
Product: watchOS
Version: 6.1.1
CVE: CVE-2019-15903
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
apple
CVE-2019-15164 | MEDIUM | CVSS 5.3 | v6.1.1 | 2019-12-10
Apple Security Update: About the security content of watchOS 6.1.1
Product: watchOS
Version: 6.1.1
CVE: CVE-2019-15164
Component: CVE-2019-15164
apple
CVE-2019-15161 | MEDIUM | CVSS 5.3 | v6.1.1 | 2019-12-10
Apple Security Update: About the security content of watchOS 6.1.1
Product: watchOS
Version: 6.1.1
CVE: CVE-2019-15161
Component: CVE-2019-15161
apple
CVE-2019-15162 | MEDIUM | CVSS 5.3 | v6.1.1 | 2019-12-10
Apple Security Update: About the security content of watchOS 6.1.1
Product: watchOS
Version: 6.1.1
CVE: CVE-2019-15162
Component: CVE-2019-15162
apple
CVE-2017-7152 | MEDIUM | CVSS 4.3 | v6.1 | 2019-10-29
Apple Security Update: About the security content of watchOS 6.1
Product: watchOS
Version: 6.1
CVE: CVE-2017-7152
Component: Contacts
Impact: Processing a maliciously crafted contact may lead to UI spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
apple
CVE-2019-15165 | MEDIUM | CVSS 5.3 | CWE-770 | v6.1.1 | 2019-10-03
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
nvd, apple
CVE-2019-9506 | HIGH | CVSS 8.1 | CWE-310 | v5.3 | 2019-08-14
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
nvd, apple
CVE-2018-16860 | HIGH | CVSS 7.5 | v5.3 | 2019-07-22
Apple Security Update: About the security content of watchOS 5.3
Product: watchOS
Version: 5.3
CVE: CVE-2018-16860
Component: Heimdal
Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services
Description: This issue was addressed with improved checks to prevent unauthorized actions.
apple
CVE-2020-10135 | MEDIUM | CVSS 5.4 | v5.3 | 2019-07-22
Apple Security Update: About the security content of watchOS 5.3
Product: watchOS
Version: 5.3
CVE: CVE-2020-10135
Component: The changes for this issue mitigate CVE-2020-10135.
apple
CVE-2019-13118 | MEDIUM | CVSS 5.3 | v5.3 | 2019-07-22
Apple Security Update: About the security content of watchOS 5.3
Product: watchOS
Version: 5.3
CVE: CVE-2019-13118
Component: Kernel
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
apple
CVE-2018-4332 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 5.0 | 2019-04-03
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
nvd
CVE-2018-4331 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 5.0 | 2019-04-03
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
nvd