Apple Watchos 5 vulnerabilities

CVE-2018-4191 [HIGH] CVE-2018-4191: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4191 Component: WebKit Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation.

CVE-2018-4401 [HIGH] CVE-2018-4401: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4401 Component: IOUserEthernet Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4336 [HIGH] CVE-2018-4336: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4336 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4354 [HIGH] CVE-2018-4354: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4354 Component: IOKit Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4319 [HIGH] CVE-2018-4319: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4319 Component: WebKit Impact: A malicious website may cause unexepected cross-origin behavior Description: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.

CVE-2018-4412 [HIGH] CVE-2018-4412: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4412 Component: CoreFoundation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4408 [HIGH] CVE-2018-4408: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4408 Component: IOHIDFamily Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4414 [HIGH] CVE-2018-4414: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4414 Component: CoreFoundation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4347 [HIGH] CVE-2018-4347: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4347 Component: CoreText Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management.

CVE-2018-4313 [MEDIUM] CVE-2018-4313: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4313 Component: Safari Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.

CVE-2018-4304 [MEDIUM] CVE-2018-4304: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4304 Component: Text Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation.

CVE-2018-4433 [MEDIUM] CVE-2018-4433: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4433 Component: CoreText Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management.

CVE-2018-4363 [MEDIUM] CVE-2018-4363: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4363 Component: Kernel Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.

CVE-2018-4305 [MEDIUM] CVE-2018-4305: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4305 Component: IOUserEthernet Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4399 [MEDIUM] CVE-2018-4399: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4399 Component: Kernel Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.

CVE-2018-4395 [MEDIUM] CVE-2018-4395: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4395 Component: Security Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks.