Apple Watchos 3 vulnerabilities

CVE-2016-4702 [CRITICAL] CVE-2016-4702: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4702 Component: Audio Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4658 [CRITICAL] CVE-2016-4658: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4658 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-4772 [HIGH] CVE-2016-4772: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4772 Component: Kernel Impact: A remote attacker may be able to cause a denial of service Description: A lock handling issue was addressed through improved lock handling.

CVE-2016-4773 [HIGH] CVE-2016-4773: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4773 Component: Kernel Impact: An application may be able to determine kernel memory layout Description: Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation.

CVE-2016-4777 [HIGH] CVE-2016-4777: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4777 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: An untrusted pointer dereference was addressed by removing the affected code.

CVE-2016-4738 [HIGH] CVE-2016-4738: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4738 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-4737 [HIGH] CVE-2016-4737: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4737 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-4775 [HIGH] CVE-2016-4775: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4775 Component: Kernel Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4753 [HIGH] CVE-2016-4753: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4753 Component: Security Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in signed disk images. This issue was addressed through improved size validation.

CVE-2016-4778 [HIGH] CVE-2016-4778: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4778 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-4712 [HIGH] CVE-2016-4712: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4712 Component: CoreCrypto Impact: An application may be able to execute arbitrary code Description: An out-of-bounds write issue was addressed by removing the vulnerable code.

CVE-2016-4726 [HIGH] CVE-2016-4726: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4726 Component: IOAcceleratorFamily Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4774 [HIGH] CVE-2016-4774: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4774 Component: Kernel Impact: An application may be able to determine kernel memory layout Description: Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation.

CVE-2016-4725 [HIGH] CVE-2016-4725: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4725 Component: IOAcceleratorFamily Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory corruption issue was addressed through improved input validation.

CVE-2016-4776 [HIGH] CVE-2016-4776: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4776 Component: Kernel Impact: An application may be able to determine kernel memory layout Description: Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation.

CVE-2016-5131 [HIGH] CVE-2016-5131: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-5131 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-4718 [MEDIUM] CVE-2016-4718: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4718 Component: FontParser Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.

CVE-2016-4708 [MEDIUM] CVE-2016-4708: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4708 Component: CFNetwork Impact: Processing maliciously crafted web content may compromise user information Description: An input validation issue existed in the parsing of the set-cookie header. This issue was addressed through improved validation checking.

CVE-2016-4719 [MEDIUM] CVE-2016-4719: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-4719 Component: GeoServices Impact: An application may be able to read sensitive location information Description: A permissions issue existed in PlaceData. This issue was addressed through improved permission validation.

CVE-2016-7699 CVE-2016-7699: watchOS 3 Apple Security Update: About the security content of watchOS 3 Product: watchOS 3 CVE: CVE-2016-7699 Component: Wi-Fi Manager Impact: App extensions may obtain internet access Description: Multiple policy enforcement issues with Wi-Fi sharing. These issues were addressed with improved entitlement checks.