Apple watchOS vulnerabilities

1,895 known vulnerabilities affecting apple/watchos.

Total CVEs: 1,895
CISA KEV: 51 (actively exploited)
Public exploits: 123
Exploited in wild: 40
Severity breakdown: CRITICAL 140, HIGH 970, MEDIUM 715, LOW 68, UNKNOWN 2

Vulnerabilities

Page 84 of 95
CVE-2016-4691 | HIGH | CVSS 8.8 | ≤ 2.2.2 | 2017-02-20
CWE-119: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
nvd, apple

CVE-2016-7643 | HIGH | CVSS 8.1 | ≤ 2.2.2 | 2017-02-20
CWE-125: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafte
nvd, apple

CVE-2016-4688 | HIGH | CVSS 8.8 | fixed in 3.1.3 | 2017-02-20
CWE-119: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overfl
nvd, apple

CVE-2016-7662 | HIGH | CVSS 7.5 | ≤ 2.2.2 | 2017-02-20
CWE-295: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors.
nvd, apple

CVE-2016-7606 | HIGH | CVSS 7.8 | ≤ 2.2.2 | 2017-02-20
CWE-119: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd, apple

CVE-2016-7612 | HIGH | CVSS 7.8 | PoC | ≤ 2.2.2 | 2017-02-20
CWE-119: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd, apple

CVE-2016-4669 | HIGH | CVSS 7.8 | PoC | fixed in 3.1 | 2017-02-20
CWE-20: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system c
nvd, apple

CVE-2016-7584 | HIGH | CVSS 7.8 | ≤ 2.2.2 | 2017-02-20
CWE-254: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using a matching team ID.
nvd, apple

CVE-2016-7644 | HIGH | CVSS 7.8 | PoC | ≤ 2.2.2 | 2017-02-20
CWE-416: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
nvd, apple

CVE-2017-2360 | HIGH | CVSS 7.8 | PoC | fixed in 3.1.3 | 2017-02-20
CWE-416: An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted
nvd, apple

CVE-2016-7660 | HIGH | CVSS 7.8 | PoC | ≤ 2.2.2 | 2017-02-20
CWE-264: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
nvd, apple

CVE-2016-7613 | HIGH | CVSS 7.8 | ≤ 2.2.2 | 2017-02-20
CWE-264: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling dur
nvd, apple

CVE-2016-7659 | HIGH | CVSS 8.8 | ≤ 2.2.2 | 2017-02-20
CWE-119: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.
nvd, apple

CVE-2016-7621 | HIGH | CVSS 7.8 | PoC | ≤ 2.2.2 | 2017-02-20
CWE-416: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via unspecified vectors.
nvd, apple

CVE-2016-7626 | HIGH | CVSS 8.8 | PoC | fixed in 3.1.1 | 2017-02-20
CWE-119: An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted certificate profile.
nvd, apple

CVE-2016-4675 | HIGH | CVSS 7.8 | fixed in 3.1 | 2017-02-20
CWE-264: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd, apple

CVE-2016-7594 | HIGH | CVSS 8.8 | ≤ 2.2.2 | 2017-02-20
CWE-119: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ICU" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd, apple

CVE-2016-4693 | HIGH | CVSS 7.5 | ≤ 2.2.2 | 2017-02-20
CWE-326: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher.
nvd, apple

CVE-2016-7595 | HIGH | CVSS 8.8 | ≤ 2.2.2 | 2017-02-20
CWE-119: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
nvd, apple

CVE-2016-7637 | HIGH | CVSS 7.8 | PoC | ≤ 2.2.2 | 2017-02-20
CWE-119: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd, apple