Apple watchOS vulnerabilities

1,895 known vulnerabilities affecting apple/watchos.

Total CVEs: 1,895
CISA KEV: 51 (actively exploited)
Public exploits: 123
Exploited in wild: 40
Severity breakdown: CRITICAL 140, HIGH 970, MEDIUM 715, LOW 68, UNKNOWN 2

Vulnerabilities

Page 93 of 95
CVE-2015-5936 | MEDIUM | CVSS 6.8 | ≤ 2.0.0 | 2015-10-23
CVE-2015-5936 [MEDIUM]: ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5937, and CVE-2015-5939.
nvd, apple
CVE-2015-6997 | MEDIUM | CVSS 4.3 | ≤ 2.0 | 2015-10-23
CVE-2015-6997 [MEDIUM] CWE-254: The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
nvd, apple
CVE-2015-6996 | MEDIUM | CVSS 6.8 | PoC | ≤ 2.0.0 | 2015-10-23
CVE-2015-6996 [MEDIUM] CWE-119: IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
nvd, apple
CVE-2015-7006 | MEDIUM | CVSS 6.8 | ≤ 2.0.0 | 2015-10-23
CVE-2015-7006 [MEDIUM] CWE-22: Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive.
nvd, apple
CVE-2015-5939 | MEDIUM | CVSS 6.8 | ≤ 1.0 | 2015-10-23
CVE-2015-5939 [MEDIUM]: ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5937.
nvd, apple
CVE-2015-6989 | MEDIUM | CVSS 6.8 | ≤ 2.0.0 | 2015-10-23
CVE-2015-6989 [MEDIUM] CWE-119: Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted package that is mishandled during dispatch calls.
nvd, apple
CVE-2015-5942 | MEDIUM | CVSS 6.8 | ≤ 2.0.0 | 2015-10-23
CVE-2015-5942 [MEDIUM]: FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927.
nvd, apple
CVE-2015-5925 | MEDIUM | CVSS 6.8 | ≤ 2.0.0 | 2015-10-23
CVE-2015-5925 [MEDIUM] CWE-119: The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926.
nvd, apple
CVE-2015-6978 | MEDIUM | CVSS 6.8 | ≤ 2.0 | 2015-10-23
CVE-2015-6978 [MEDIUM]: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
nvd, apple
CVE-2015-5937 | MEDIUM | CVSS 6.8 | ≤ 2.0.0 | 2015-10-23
CVE-2015-5937 [MEDIUM]: ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5939.
nvd, apple
CVE-2015-5935 | MEDIUM | CVSS 6.8 | ≤ 2.0.0 | 2015-10-23
CVE-2015-5935 [MEDIUM] CWE-119: ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.
nvd, apple
CVE-2015-5927 | MEDIUM | CVSS 6.8 | ≤ 2.0.0 | 2015-10-23
CVE-2015-5927 [MEDIUM] CWE-119: FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942.
nvd, apple
CVE-2015-5922 | CRITICAL | CVSS 10.0 | ≤ 1.01 | 2015-10-09
CVE-2015-5922 [CRITICAL]: Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.
nvd
CVE-2015-5867 | CRITICAL | CVSS 9.3 | v1.0 | 2015-09-18
CVE-2015-5867 [CRITICAL] CWE-119: IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2015-5876 | CRITICAL | CVSS 9.3 | v1.0 | 2015-09-18
CVE-2015-5876 [CRITICAL] CWE-119: dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2015-5845 | CRITICAL | CVSS 9.3 | v1.0 | 2015-09-18
CVE-2015-5845 [CRITICAL]: IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5846.
nvd
CVE-2015-5903 | CRITICAL | CVSS 10.0 | v1.0 | 2015-09-18
CVE-2015-5903 [CRITICAL]: The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.
nvd
CVE-2015-5844 | CRITICAL | CVSS 9.3 | v1.0 | 2015-09-18
CVE-2015-5844 [CRITICAL] CWE-119: IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5845 and CVE-2015-5846.
nvd
CVE-2015-5846 | CRITICAL | CVSS 9.3 | v1.0 | 2015-09-18
CVE-2015-5846 [CRITICAL]: IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5845.
nvd
CVE-2015-5882 | HIGH | CVSS 7.2 | v1.0 | 2015-09-18
CVE-2015-5882 [HIGH] CWE-284: The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
nvd