Apple watchOS vulnerabilities

CVE-2017-7153 [MEDIUM] CWE-601 CVE-2017-7153: An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interf

CVE-2018-4146 [MEDIUM] CWE-119 CVE-2018-4146: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service

CVE-2017-7003 [MEDIUM] CWE-20 CVE-2017-7003: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file.

CVE-2017-15412 [HIGH] CVE-2017-15412: watchOS 4.3 Apple Security Update: About the security content of watchOS 4.3 Product: watchOS Version: 4.3 CVE: CVE-2017-15412 Component: Kernel Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.

CVE-2018-4147 [CRITICAL] CVE-2018-4147: watchOS 4.2.2 Apple Security Update: About the security content of watchOS 4.2.2 Product: watchOS Version: 4.2.2 CVE: CVE-2018-4147 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2017-7162 [HIGH] CWE-119 CVE-2017-7162: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE-2017-13876 [HIGH] CWE-119 CVE-2017-13876: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted a

CVE-2017-13867 [HIGH] CWE-119 CVE-2017-13867: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted a

CVE-2017-13861 [HIGH] CWE-119 CVE-2017-13861: An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE-2017-13862 [HIGH] CWE-119 CVE-2017-13862: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted a

CVE-2017-13869 [MEDIUM] CWE-200 CVE-2017-13869: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

CVE-2017-13855 [MEDIUM] CWE-704 CVE-2017-13855: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app that triggers type confusion.

CVE-2017-13868 [MEDIUM] CWE-200 CVE-2017-13868: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

CVE-2017-13865 [MEDIUM] CWE-200 CVE-2017-13865: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

CVE-2017-5754 [MEDIUM] CVE-2017-5754: watchOS 4.2 Apple Security Update: About the security content of watchOS 4.2 Product: watchOS Version: 4.2 CVE: CVE-2017-5754 Component: Kernel Impact: An application may be able to read kernel memory (Meltdown) Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

CVE-2017-7154 [MEDIUM] CVE-2017-7154: watchOS 4.2 Apple Security Update: About the security content of watchOS 4.2 Product: watchOS Version: 4.2 CVE: CVE-2017-7154 Component: Kernel Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation.

CVE-2017-7173 [MEDIUM] CVE-2017-7173: watchOS 4.2 Apple Security Update: About the security content of watchOS 4.2 Product: watchOS Version: 4.2 CVE: CVE-2017-7173 Component: Kernel Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2017-13799 [HIGH] CWE-119 CVE-2017-13799: An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted a

CVE-2017-13849 [MEDIUM] CWE-20 CVE-2017-13849: An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted text file.

CVE-2017-13804 [MEDIUM] CWE-20 CVE-2017-13804: An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "StreamingZip" component. It allows remote attackers to write to unintended pathnames via a crafted ZIP archive.