Apple watchOS vulnerabilities

1,895 known vulnerabilities affecting apple/watchos.

Total CVEs: 1,895
CISA KEV: 51 actively exploited
Public exploits: 123
Exploited in wild: 40
Severity breakdown: CRITICAL 140 | HIGH 970 | MEDIUM 715 | LOW 68 | UNKNOWN 2

Vulnerabilities

CVE-2016-7616 | HIGH | CVSS 7.8 | ≤ 2.2.2 | 2017-02-20
CWE-119: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Disk Images" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd | apple
CVE-2016-4660 | HIGH | CVSS 7.1 | ≤ 2.2.2 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash)
nvd | apple
CVE-2016-7588 | HIGH | CVSS 8.8 | ≤ 2.2.2 | 2017-02-20
CWE-119: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreMedia Playback" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted MP4 file.
nvd | apple
CVE-2016-7607 | MEDIUM | CVSS 5.5 | ≤ 2.2.2 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows attackers to obtain sensitive information from kernel memory via a crafted app.
nvd | apple
CVE-2016-4679 | MEDIUM | CVSS 5.5 | fixed in 3.1 | 2017-02-20
CWE-59: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink.
nvd | apple
CVE-2016-7591 | MEDIUM | CVSS 6.5 | ≤ 2.2.2 | 2017-02-20
CWE-416: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
nvd | apple
CVE-2016-7619 | MEDIUM | CVSS 5.5 | ≤ 2.2.2 | 2017-02-20
CWE-59: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "libarchive" component, which allows local users to write to arbitrary files via vectors related to symlinks.
nvd | apple
CVE-2017-2352 | MEDIUM | CVSS 4.6 | ≤ 2.2.2 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Unlock with iPhone" component, which allows attackers to bypass the wrist-presence protection mechanism and unlock a Watch device via unspecified vectors.
nvd | apple
CVE-2016-7615 | MEDIUM | CVSS 5.5 | ≤ 2.2.2 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows local users to cause a denial of service via unspecified vectors.
nvd | apple
CVE-2016-4680 | MEDIUM | CVSS 5.5 | fixed in 3.1 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
nvd | apple
CVE-2016-7627 | MEDIUM | CVSS 6.5 | ≤ 2.2.2 | 2017-02-20
CWE-476: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It allows attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted font.
nvd | apple
CVE-2017-2363 | MEDIUM | CVSS 6.5 | PoC | fixed in 3.1.3 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
nvd | apple
CVE-2016-7651 | MEDIUM | CVSS 5.3 | ≤ 2.2.2 | 2017-02-20
CWE-285: An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall.
nvd | apple
CVE-2016-7636 | MEDIUM | CVSS 5.9 | ≤ 2.2.2 | 2017-02-20
CWE-20: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows man-in-the-middle attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs.
nvd | apple
CVE-2016-7657 | LOW | CVSS 3.3 | ≤ 2.2.2 | 2017-02-20
CWE-20: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
nvd | apple
CVE-2016-4665 | LOW | CVSS 3.3 | ≤ 2.2.2 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app.
nvd | apple
CVE-2016-7714 | LOW | CVSS 3.3 | ≤ 2.2.2 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
nvd | apple
CVE-2016-4664 | LOW | CVSS 3.3 | ≤ 2.2.2 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app.
nvd | apple
CVE-2016-8687 | HIGH | CVSS 7.5 | v3.1.3 | 2017-01-23
watchOS 3.1.3 Apple Security Update: About the security content of watchOS 3.1.3
Product: watchOS
Version: 3.1.3
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved memory management.
apple
CVE-2017-2383 | LOW | CVSS 3.1 | v3.1.3 | 2017-01-23
watchOS 3.1.3 Apple Security Update: About the security content of watchOS 3.1.3
Product: watchOS
Version: 3.1.3
Component: APNs Server
Impact: An attacker in a privileged network position can track a user's activity
Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling.
apple