Apple watchOS vulnerabilities
1,895 known vulnerabilities affecting apple/watchos.
Total CVEs: 1,895
CISA KEV: 51 (actively exploited)
Public exploits: 123
Exploited in wild: 40
Severity breakdown
CRITICAL 140 | HIGH 970 | MEDIUM 715 | LOW 68 | UNKNOWN 2
Vulnerabilities
CVE-2017-13852 | LOW | CVSS 3.3 | CWE-200 | fixed in 4.1 | 2017-11-13
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate.
nvd, apple
CVE-2017-13080 | MEDIUM | CVSS 5.3 | v4.1 | 2017-10-31
Apple Security Update: About the security content of watchOS 4.1
Product: watchOS
Version: 4.1
CVE: CVE-2017-13080
Component: Wi-Fi
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
apple
CVE-2017-13077 | MEDIUM | CVSS 6.8 | v4.1 | 2017-10-31
Apple Security Update: About the security content of watchOS 4.1
Product: watchOS
Version: 4.1
CVE: CVE-2017-13077
Component: No Apple Watch models were impacted by this vulnerability
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
apple
CVE-2017-13078 | MEDIUM | CVSS 5.3 | v4.1 | 2017-10-31
Apple Security Update: About the security content of watchOS 4.1
Product: watchOS
Version: 4.1
CVE: CVE-2017-13078
Component: No Apple Watch models were impacted by this vulnerability
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
apple
CVE-2017-7128 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 3.2.3 | 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other i
nvd
CVE-2017-7130 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 3.2.3 | 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other i
nvd
CVE-2017-7103 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 3.2.3 | 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.
nvd
CVE-2017-7108 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 3.2.3 | 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.
nvd
CVE-2017-7110 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 3.2.3 | 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.
nvd
CVE-2017-7129 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 3.2.3 | 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other i
nvd
CVE-2017-7105 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 3.2.3 | 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.
nvd
CVE-2017-7112 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 3.2.3 | 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.
nvd
CVE-2017-7114 | HIGH | CVSS 7.8 | CWE-119 | ≤ 3.2.3 | 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-7116 | HIGH | CVSS 7.5 | CWE-200 | ≤ 3.2.3 | 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to read data from kernel memory locations via crafted Wi-Fi traffic.
nvd
CVE-2017-7127 | HIGH | CVSS 7.8 | CWE-119 | ≤ 3.2.3 | 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. iCloud before 7.0 on Windows is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "SQLite" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (mem
nvd
CVE-2017-7086 | HIGH | CVSS 7.5 | CWE-400 | ≤ 3.2.3 | 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted string that is mishandled by the glob function.
nvd
CVE-2017-7080 | HIGH | CVSS 7.5 | CWE-295 | ≤ 3.2.3 | 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust restrictions via a revoked X.509 certificate.
nvd
CVE-2017-7083 | MEDIUM | CVSS 4.9 | CWE-20 | ≤ 3.2.3 | 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "CFNetwork Proxies" component. It allows remote attackers to cause a denial of service.
nvd
CVE-2017-7062 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 3.2.2 | 2017-07-20
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Contacts" component. A buffer overflow allows remote attackers to execute arbitrary code or cause a denial of service (application crash).
nvd, apple
CVE-2017-7063 | HIGH | CVSS 7.5 | CWE-400 | ≤ 3.2.2 | 2017-07-20
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (memory consumption and application crash).
nvd, apple