Apple watchOS vulnerabilities
1,895 known vulnerabilities affecting apple/watchos.
Total CVEs: 1,895
CISA KEV: 51 (actively exploited)
Public exploits: 123
Exploited in wild: 40
Severity breakdown: CRITICAL 140, HIGH 970, MEDIUM 715, LOW 68, UNKNOWN 2
Vulnerabilities
Page 87 of 95
CVE-2016-4614 [CRITICAL] CVSS 9.8, CWE-787, fixed in 2.2.2, 2016-07-22
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4615, CVE-
nvd, apple
CVE-2016-4609 [CRITICAL] CVSS 9.8, fixed in 2.2.2, 2016-07-22
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-460
nvd, apple
CVE-2016-4616 [CRITICAL] CVSS 9.8, fixed in 2.2.2, 2016-07-22
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-461
nvd, apple
CVE-2016-4615 [CRITICAL] CVSS 9.8, fixed in 2.2.2, 2016-07-22
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-461
nvd, apple
CVE-2016-4607 [CRITICAL] CVSS 9.8, CWE-119, fixed in 2.2.2, 2016-07-22
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-
nvd, apple
CVE-2016-4637 [HIGH] CVSS 8.8, CWE-119, fixed in 2.2.2, 2016-07-22
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
nvd, apple
CVE-2016-4627 [HIGH] CVSS 7.8, CWE-476, fixed in 2.2.2, 2016-07-22
IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
nvd, apple
CVE-2016-4631 [HIGH] CVSS 8.8, CWE-119, fixed in 2.2.2, 2016-07-22
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
nvd, apple
CVE-2016-4594 [HIGH] CVSS 7.8, CWE-20, fixed in 2.2.2, 2016-07-22
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.
nvd, apple
CVE-2016-4626 [HIGH] CVSS 7.8, CWE-476, fixed in 2.2.2, 2016-07-22
IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
nvd, apple
CVE-2016-1863 [HIGH] CVSS 7.8, PoC, CWE-416, fixed in 2.2.2, 2016-07-22
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.
nvd, apple
CVE-2016-4582 [HIGH] CVSS 7.8, fixed in 2.2.2, 2016-07-22
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.
nvd, apple
CVE-2016-4653 [HIGH] CVSS 7.8, fixed in 2.2.2, 2016-07-22
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.
nvd, apple
CVE-2016-4632 [HIGH] CVSS 7.5, CWE-119, fixed in 2.2.2, 2016-07-22
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
nvd, apple
CVE-2016-1865 [MEDIUM] CVSS 5.5, CWE-476, fixed in 2.2.2, 2016-07-22
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
nvd, apple
CVE-2016-4628 [MEDIUM] CVSS 5.5, CWE-125, ≤ 2.2.1, 2016-07-22
IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd, apple
CVE-2016-6559 [CRITICAL] CVSS 9.8, v2.2.2, 2016-07-18
Apple Security Update: About the security content of watchOS 2.2.2
Product: watchOS
Version: 2.2.2
CVE: CVE-2016-6559
Component: Libc
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A buffer overflow existed within the "link_ntoa()" function in linkaddr.c. This issue was addressed through additional bounds checking.
apple
CVE-2016-4608 [CRITICAL] CVSS 9.8, v2.2.2, 2016-07-18
Apple Security Update: About the security content of watchOS 2.2.2
Product: watchOS
Version: 2.2.2
CVE: CVE-2016-4608
Component: Libc
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A buffer overflow existed within the "link_ntoa()" function in linkaddr.c. This issue was addressed through additional bounds checking.
apple
CVE-2016-4610 [CRITICAL] CVSS 9.8, v2.2.2, 2016-07-18
Apple Security Update: About the security content of watchOS 2.2.2
Product: watchOS
Version: 2.2.2
CVE: CVE-2016-4610
Component: Libc
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A buffer overflow existed within the "link_ntoa()" function in linkaddr.c. This issue was addressed through additional bounds checking.
apple
CVE-2016-4650 [HIGH] CVSS 7.8, v2.2.2, 2016-07-18
Apple Security Update: About the security content of watchOS 2.2.2
Product: watchOS
Version: 2.2.2
CVE: CVE-2016-4650
Component: IOHIDFamily
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
apple