Apple Watchos 4 vulnerabilities

CVE-2016-9840 [HIGH] CVE-2016-9840: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2016-9840 Component: CVE-2016-9840

CVE-2017-13834 [HIGH] CVE-2017-13834: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-13834 Component: Kernel Impact: Processing a malformed mach binary may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved validation.

CVE-2017-7114 [HIGH] CVE-2017-7114: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-7114 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7080 [HIGH] CVE-2017-7080: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-7080 Component: Security Impact: A revoked certificate may be trusted Description: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation.

CVE-2016-9842 [HIGH] CVE-2016-9842: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2016-9842 Component: CVE-2016-9842

CVE-2017-9049 [HIGH] CVE-2017-9049: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-9049 Component: CVE-2017-9233 Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management.

CVE-2017-9233 [HIGH] CVE-2017-9233: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-9233 Component: CVE-2017-9233 Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management.

CVE-2017-5130 [HIGH] CVE-2017-5130: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-5130 Component: CVE-2017-9233 Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management.

CVE-2017-13829 [HIGH] CVE-2017-13829: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-13829 Component: CFNetwork Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-9050 [HIGH] CVE-2017-9050: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-9050 Component: CVE-2017-9233 Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management.

CVE-2017-13830 [HIGH] CVE-2017-13830: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-13830 Component: HFS Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7127 [HIGH] CVE-2017-7127: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-7127 Component: SQLite Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13833 [HIGH] CVE-2017-13833: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-13833 Component: CFNetwork Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13816 [HIGH] CVE-2017-13816: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-13816 Component: Kernel Impact: A malicious application may be able to learn information about the presence and operation of other applications on the device. Description: An application was able to access network activity information maintained by the operating system unrestricted. This issue was addressed by reducing the information available to third

CVE-2017-7116 [HIGH] CVE-2017-7116: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-7116 Component: Wi-Fi Impact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4302 [HIGH] CVE-2018-4302: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2018-4302 Component: CVE-2017-9233 Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management.

CVE-2017-13825 [HIGH] CVE-2017-13825: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-13825 Component: CoreText Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling.

CVE-2017-13843 [HIGH] CVE-2017-13843: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-13843 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13813 [HIGH] CVE-2017-13813: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-13813 Component: Kernel Impact: A malicious application may be able to learn information about the presence and operation of other applications on the device. Description: An application was able to access network activity information maintained by the operating system unrestricted. This issue was addressed by reducing the information available to third

CVE-2017-13831 [HIGH] CVE-2017-13831: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-13831 Component: ImageIO Impact: Processing a maliciously crafted image may lead to a denial of service Description: A memory corruption issue was addressed with improved input validation.