Apple watchOS vulnerabilities
1,895 known vulnerabilities affecting apple/watchos.
Total CVEs: 1,895
CISA KEV: 51 (actively exploited)
Public exploits: 123
Exploited in wild: 40
Severity breakdown: CRITICAL 140, HIGH 970, MEDIUM 715, LOW 68, UNKNOWN 2
Vulnerabilities
Page 80 of 95
CVE-2017-7009 [HIGH] CWE-119 | CVSS 7.8 | ≤ 3.2.2 | 2017-07-20
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "IOUSBFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a
nvd, apple
CVE-2017-7013 [HIGH] CWE-125 | CVSS 7.8 | ≤ 3.2.2 | 2017-07-20
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sen
nvd, apple
CVE-2017-7026 [HIGH] CWE-119 | CVSS 7.8 | ≤ 3.2.2 | 2017-07-20
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a craft
nvd, apple
CVE-2017-7047 [HIGH] CWE-119 | CVSS 8.8 | PoC | fixed in 3.2.3 | 2017-07-20
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a craft
nvd, apple
CVE-2017-7069 [HIGH] CWE-119 | CVSS 7.8 | ≤ 3.2.2 | 2017-07-20
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a craft
nvd, apple
CVE-2017-7068 [HIGH] CWE-119 | CVSS 8.8 | ≤ 3.2.2 | 2017-07-20
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via
nvd, apple
CVE-2017-7027 [HIGH] CWE-119 | CVSS 7.8 | ≤ 3.2.2 | 2017-07-20
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a craft
nvd, apple
CVE-2017-7028 [MEDIUM] CWE-200 | CVSS 5.5 | fixed in 3.2.3 | 2017-07-20
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd, apple
CVE-2017-7029 [MEDIUM] CWE-200 | CVSS 5.5 | fixed in 3.2.3 | 2017-07-20
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd, apple
CVE-2017-9417 [CRITICAL] | CVSS 9.8 | PoC | v3.2.3 | 2017-07-19
Apple Security Update: About the security content of watchOS 3.2.3
Product: watchOS
Version: 3.2.3
CVE: CVE-2017-9417
Component: Wi-Fi
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved memory handling.
apple
CVE-2017-7025 [HIGH] | CVSS 7.8 | v3.2.3 | 2017-07-19
Apple Security Update: About the security content of watchOS 3.2.3
Product: watchOS
Version: 3.2.3
CVE: CVE-2017-7025
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
apple
CVE-2017-7022 [HIGH] | CVSS 7.8 | v3.2.3 | 2017-07-19
Apple Security Update: About the security content of watchOS 3.2.3
Product: watchOS
Version: 3.2.3
CVE: CVE-2017-7022
Component: Kernel
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
apple
CVE-2017-7023 [HIGH] | CVSS 7.8 | v3.2.3 | 2017-07-19
Apple Security Update: About the security content of watchOS 3.2.3
Product: watchOS
Version: 3.2.3
CVE: CVE-2017-7023
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
apple
CVE-2017-7024 [HIGH] | CVSS 7.8 | v3.2.3 | 2017-07-19
Apple Security Update: About the security content of watchOS 3.2.3
Product: watchOS
Version: 3.2.3
CVE: CVE-2017-7024
Component: Kernel
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
apple
CVE-2016-9841 [CRITICAL] | CVSS 9.8 | fixed in 4 | 2017-05-23
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
nvd
CVE-2016-9843 [CRITICAL] | CVSS 9.8 | fixed in 4 | 2017-05-23
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
nvd
CVE-2016-9842 [HIGH] CWE-1335 | CVSS 8.8 | fixed in 4 | 2017-05-23
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
nvd
CVE-2016-9840 [HIGH] | CVSS 8.8 | fixed in 4 | 2017-05-23
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
nvd
CVE-2017-2513 [CRITICAL] CWE-416 | CVSS 9.8 | ≤ 3.2 | 2017-05-22
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application cra
nvd, apple
CVE-2017-2520 [CRITICAL] CWE-787 | CVSS 9.8 | fixed in 3.2.2 | 2017-05-22
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via
nvd, apple