Apple Watch OS (Apple Watch Operating System)

stack.watch can notify you when security vulnerabilities are reported in Apple Watch OS. You can add multiple products that you use with Watch OS to create your own personal software stack watcher.

By the Year

In 2020 there have been 65 vulnerabilities in Apple Watch OS with an average score of 7.4 out of ten. Last year Watch OS had 200 security vulnerabilities published. Right now, Watch OS is on track to have fewer security vulnerabilities in 2020 than it did last year. Last year, the average CVE base score was greater by 0.30.

Year | Vulnerabilities | Average Score
2020 | 65              | 7.44
2019 | 200             | 7.74
2018 | 56              | 7.54

It may take a day or so for new Watch OS vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Apple Watch OS Security Vulnerabilities

A race condition was addressed with improved state handling

CVE-2020-9839 7 - High - June 09, 2020

A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.

Race Condition

This issue was addressed with improved checks

CVE-2020-9842 5.5 - Medium - June 09, 2020

This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to use arbitrary entitlements.

A logic issue was addressed with improved restrictions

CVE-2020-9850 9.8 - Critical - June 09, 2020

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.

An integer overflow was addressed through improved input validation

CVE-2020-9852 7.8 - High - June 09, 2020

An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

Integer Overflow or Wraparound

A denial of service issue was addressed with improved input validation

CVE-2020-9827 7.5 - High - June 09, 2020

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.

A validation issue was addressed with improved input sanitization

CVE-2020-9829 6.5 - Medium - June 09, 2020

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service.

Improper Input Validation

An input validation issue was addressed with improved input validation

CVE-2020-9843 6.1 - Medium - June 09, 2020

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.

XSS

An out-of-bounds read was addressed with improved input validation

CVE-2020-9791 7.8 - High - June 09, 2020

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Out-of-bounds Read

A memory corruption issue was addressed with improved state management

CVE-2020-9821 7.8 - High - June 09, 2020

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-9789 8.8 - High - June 09, 2020

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Write

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-9790 8.8 - High - June 09, 2020

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Write

An out-of-bounds read was addressed with improved bounds checking

CVE-2020-9794 8.1 - High - June 09, 2020

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.

Out-of-bounds Read

A memory corruption issue was addressed with improved input validation

CVE-2020-9793 7.8 - High - June 09, 2020

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution.

Memory Corruption

A use after free issue was addressed with improved memory management

CVE-2020-9795 7.8 - High - June 09, 2020

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges.

Dangling pointer

An information disclosure issue was addressed by removing the vulnerable code

CVE-2020-9797 5.5 - Medium - June 09, 2020

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application's memory layout.

Information Leak

A type confusion issue was addressed with improved memory handling

CVE-2020-9800 8.8 - High - June 09, 2020

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Object Type Confusion

A logic issue was addressed with improved restrictions

CVE-2020-9802 8.8 - High - June 09, 2020

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

A logic issue was addressed with improved restrictions

CVE-2020-9805 6.1 - Medium - June 09, 2020

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.

XSS

A memory corruption issue was addressed with improved validation

CVE-2020-9803 8.8 - High - June 09, 2020

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A memory corruption issue was addressed with improved state management

CVE-2020-9806 8.8 - High - June 09, 2020

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A memory corruption issue was addressed with improved state management

CVE-2020-9807 8.8 - High - June 09, 2020

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A memory corruption issue was addressed with improved state management

CVE-2020-9808 7.1 - High - June 09, 2020

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory.

Memory Corruption

An information disclosure issue was addressed with improved state management

CVE-2020-9809 5.5 - Medium - June 09, 2020

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout.

Information Leak

An information disclosure issue was addressed with improved state management

CVE-2020-9811 5.5 - Medium - June 09, 2020

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.

Information Leak

An out-of-bounds read was addressed with improved bounds checking

CVE-2020-9815 7.8 - High - June 09, 2020

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Out-of-bounds Read

A memory consumption issue was addressed with improved memory handling

CVE-2020-9819 4.3 - Medium - June 09, 2020

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.

Memory Corruption

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-9816 7.8 - High - June 09, 2020

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

Out-of-bounds Write

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-9818 8.8 - High - June 09, 2020

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.

Out-of-bounds Write

An information disclosure issue was addressed with improved state management

CVE-2020-9812 5.5 - Medium - June 09, 2020

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.

Information Leak

A memory consumption issue was addressed with improved memory handling

CVE-2020-9859 7.8 - High - June 05, 2020

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.

Uncontrolled Resource Consumption ('Resource Exhaustion')

This issue was addressed with improved checks

CVE-2020-3883 8.8 - High - April 01, 2020

This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements.

A logic issue was addressed with improved state management

CVE-2020-3891 2.4 - Low - April 01, 2020

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.

AuthZ

A buffer overflow was addressed with improved bounds checking

CVE-2020-3909 9.8 - Critical - April 01, 2020

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

buffer overrun

A buffer overflow was addressed with improved size validation

CVE-2020-3910 9.8 - Critical - April 01, 2020

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

buffer overrun

A buffer overflow was addressed with improved bounds checking

CVE-2020-3911 9.8 - Critical - April 01, 2020

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

buffer overrun

A permissions issue existed

CVE-2020-3913 7.8 - High - April 01, 2020

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges.

Improper Privilege Management

A memory initialization issue was addressed with improved memory handling

CVE-2020-3914 5.5 - Medium - April 01, 2020

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory.

Memory Leak

An access issue was addressed with additional sandbox restrictions

CVE-2020-3916 5.3 - Medium - April 01, 2020

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos.

Information Leak

This issue was addressed with a new entitlement

CVE-2020-3917 5.5 - Medium - April 01, 2020

This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks.

Exposure of Resource to Wrong Sphere

A memory initialization issue was addressed with improved memory handling

CVE-2020-3919 7.8 - High - April 01, 2020

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A use after free issue was addressed with improved memory management

CVE-2020-9768 7.8 - High - April 01, 2020

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to execute arbitrary code with system privileges.

Dangling pointer

The issue was addressed with improved handling of icon caches

CVE-2020-9773 3.3 - Low - April 01, 2020

The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to identify what other applications a user has installed.

Information Leak

Multiple memory corruption issues were addressed with improved state management

CVE-2020-9785 7.8 - High - April 01, 2020

Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A memory corruption issue was addressed with improved memory handling

CVE-2020-3895 8.8 - High - April 01, 2020

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A type confusion issue was addressed with improved memory handling

CVE-2020-3897 8.8 - High - April 01, 2020

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.

Object Type Confusion

A memory corruption issue was addressed with improved memory handling

CVE-2020-3900 8.8 - High - April 01, 2020

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A type confusion issue was addressed with improved memory handling

CVE-2020-3901 8.8 - High - April 01, 2020

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.

Object Type Confusion

A denial of service issue was addressed with improved input validation.

CVE-2019-8741 7.5 - High - February 28, 2020

A denial of service issue was addressed with improved input validation.

Loop with Unreachable Exit Condition ('Infinite Loop')

An out-of-bounds read was addressed with improved input validation

CVE-2020-3826 7.8 - High - February 27, 2020

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

An out-of-bounds read was addressed with improved bounds checking

CVE-2020-3829 7.8 - High - February 27, 2020

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to gain elevated privileges.

Out-of-bounds Read

A memory corruption issue was addressed with improved state management

CVE-2020-3834 7.8 - High - February 27, 2020

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An access issue was addressed with improved memory management

CVE-2020-3836 5.5 - Medium - February 27, 2020

An access issue was addressed with improved memory management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to determine kernel memory layout.

Memory Corruption

A memory corruption issue was addressed with improved memory handling

CVE-2020-3837 7.8 - High - February 27, 2020

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

The issue was addressed with improved permissions logic

CVE-2020-3838 7.8 - High - February 27, 2020

The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.

Incorrect Default Permissions

A memory corruption issue was addressed with improved memory handling

CVE-2020-3842 7.8 - High - February 27, 2020

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A buffer overflow was addressed with improved size validation

CVE-2020-3846 8.8 - High - February 27, 2020

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

XML Injection (aka Blind XPath Injection)

A type confusion issue was addressed with improved memory handling

CVE-2020-3853 7.8 - High - February 27, 2020

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to execute arbitrary code with system privileges.

Object Type Confusion

A memory corruption issue was addressed with improved input validation

CVE-2020-3856 7.8 - High - February 27, 2020

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted string may lead to heap corruption.

Improper Input Validation

A memory corruption issue was addressed with improved memory handling

CVE-2020-3857 7.8 - High - February 27, 2020

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.

Memory Corruption

A memory corruption issue was addressed with improved input validation

CVE-2020-3860 7.8 - High - February 27, 2020

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An out-of-bounds read was addressed with improved input validation

CVE-2020-3870 7.8 - High - February 27, 2020

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

A memory initialization issue was addressed with improved memory handling

CVE-2020-3872 5.5 - Medium - February 27, 2020

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory.

Memory Corruption

A validation issue was addressed with improved input sanitization

CVE-2020-3875 5.5 - Medium - February 27, 2020

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory.

Out-of-bounds Read

An out-of-bounds read was addressed with improved input validation

CVE-2020-3877 7.5 - High - February 27, 2020

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Out-of-bounds Read

An out-of-bounds read was addressed with improved input validation

CVE-2020-3878 7.8 - High - February 27, 2020

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

An out-of-bounds read issue existed that led to the disclosure of kernel memory

CVE-2019-6207 5.5 - Medium - December 18, 2019

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

Out-of-bounds Read

A validation issue was addressed with improved logic

CVE-2019-7292 6.5 - Medium - December 18, 2019

A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory.

Improper Input Validation

A memory corruption issue was addressed with improved memory handling

CVE-2019-7293 5.5 - Medium - December 18, 2019

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to read kernel memory.

Memory Corruption

An API issue existed in the handling of dictation requests

CVE-2019-8502 3.3 - Low - December 18, 2019

An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.

Improper Input Validation

A type confusion issue was addressed with improved memory handling

CVE-2019-8506 8.8 - High - December 18, 2019

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Object Type Confusion

An out-of-bounds read issue existed that led to the disclosure of kernel memory

CVE-2019-8510 5.5 - Medium - December 18, 2019

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

Out-of-bounds Read

A buffer overflow issue was addressed with improved memory handling

CVE-2019-8511 7.8 - High - December 18, 2019

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A malicious application may be able to elevate privileges.

buffer overrun

A logic issue was addressed with improved state management

CVE-2019-8514 7.8 - High - December 18, 2019

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may be able to gain elevated privileges.

Improper Privilege Management

A validation issue was addressed with improved logic

CVE-2019-8516 7.5 - High - December 18, 2019

A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service.

Improper Input Validation

An out-of-bounds read was addressed with improved bounds checking

CVE-2019-8517 6.5 - Medium - December 18, 2019

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted font may result in the disclosure of process memory.

Out-of-bounds Read

Multiple memory corruption issues were addressed with improved memory handling

CVE-2019-8518 8.8 - High - December 18, 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A buffer overflow was addressed with improved size validation

CVE-2019-8527 9.1 - Critical - December 18, 2019

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

buffer overrun

A memory corruption issue was addressed with improved memory handling

CVE-2019-8536 8.8 - High - December 18, 2019

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A memory initialization issue was addressed with improved memory handling

CVE-2019-8540 5.5 - Medium - December 18, 2019

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

Improper Initialization

A privacy issue existed in motion sensor calibration

CVE-2019-8541 3.3 - Low - December 18, 2019

A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs.

A buffer overflow was addressed with improved bounds checking

CVE-2019-8542 7.8 - High - December 18, 2019

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious application may be able to elevate privileges.

Buffer Overrun

A memory corruption issue was addressed with improved memory handling

CVE-2019-8544 8.8 - High - December 18, 2019

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A memory corruption issue was addressed with improved state management

CVE-2019-8545 7.1 - High - December 18, 2019

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to cause unexpected system termination or read kernel memory.

Memory Corruption

An access issue was addressed with additional sandbox restrictions

CVE-2019-8546 5.5 - Medium - December 18, 2019

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information.

Information Leak

An issue existed where partially entered passcodes may not clear when the device went to sleep

CVE-2019-8548 2.4 - Low - December 18, 2019

An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep.

Information Leak

Multiple input validation issues existed in MIG generated code

CVE-2019-8549 7.8 - High - December 18, 2019

Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to execute arbitrary code with system privileges.

Improper Input Validation

An issue existed in the pausing of FaceTime video

CVE-2019-8550 4.3 - Medium - December 18, 2019

An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user's video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.

Improper Input Validation

A memory initialization issue was addressed with improved memory handling

CVE-2019-8552 7.8 - High - December 18, 2019

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to elevate privileges.

Memory Corruption

A memory corruption issue was addressed with improved validation

CVE-2019-8553 8.8 - High - December 18, 2019

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2. Clicking a malicious SMS link may lead to arbitrary code execution.

Memory Corruption

Multiple memory corruption issues were addressed with improved memory handling

CVE-2019-8558 8.8 - High - December 18, 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

Multiple memory corruption issues were addressed with improved memory handling

CVE-2019-8559 8.8 - High - December 18, 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

An out-of-bounds read was addressed with improved bounds checking

CVE-2019-8560 5.5 - Medium - December 18, 2019

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to read restricted memory.

Out-of-bounds Read

Multiple memory corruption issues were addressed with improved memory handling

CVE-2019-8563 8.8 - High - December 18, 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A validation issue existed in the handling of symlinks

CVE-2019-8568 5.5 - Medium - December 18, 2019

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system.

Insecure Temporary File

A memory corruption issue was addressed with improved memory handling

CVE-2019-8574 7.8 - High - December 18, 2019

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges.

Memory Corruption

An out-of-bounds read was addressed with improved bounds checking

CVE-2019-8576 7.1 - High - December 18, 2019

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to cause unexpected system termination or read kernel memory.

Out-of-bounds Read

An input validation issue was addressed with improved memory handling

CVE-2019-8577 7.8 - High - December 18, 2019

An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges.

Improper Input Validation

Multiple memory corruption issues were addressed with improved memory handling

CVE-2019-8583 8.8 - High - December 18, 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

An out-of-bounds read was addressed with improved input validation

CVE-2019-8585 8.8 - High - December 18, 2019

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. Processing a maliciously crafted movie file may lead to arbitrary code execution.

Out-of-bounds Read

A type confusion issue was addressed with improved memory handling

CVE-2019-8591 7.1 - High - December 18, 2019

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to cause unexpected system termination or write kernel memory.

Object Type Confusion