Apple watchOS Apple Watch Operating System
Recent Apple watchOS Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 125890 | watchOS 26.2 - Apple Security Content | December 12, 2025 |
| 125639 | watchOS 26.1 - Apple Security Content | November 3, 2025 |
| 125116 | watchOS 26 - Apple Security Content | September 15, 2025 |
| 124155 | watchOS 11.6 - Apple Security Content | July 29, 2025 |
| 122722 | watchOS 11.5 - Apple Security Content | May 12, 2025 |
| 122376 | watchOS 11.4 - Apple Security Content | April 1, 2025 |
| 122903 | watchOS 11.3.1 - Apple Security Content | February 10, 2025 |
| 122071 | watchOS 11.3 - Apple Security Content | January 27, 2025 |
| 121843 | watchOS 11.2 - Apple Security Content | December 11, 2024 |
| 121565 | watchOS 11.1 - Apple Support Content | October 28, 2024 |
EOL Dates
Ensure that you are using a supported version of Apple watchOS. Here are some end-of-life and end-of-support dates for Apple watchOS.
| Release | EOL Date | Status |
|---|---|---|
| 26 | - | Active |
| 11 | September 15, 2025 | EOL. Apple watchOS 11 became EOL in 2025. |
| 10 | September 16, 2024 | EOL. Apple watchOS 10 became EOL in 2024. |
| 9 | September 18, 2023 | EOL. Apple watchOS 9 became EOL in 2023. |
| 8 | September 12, 2022 | EOL. Apple watchOS 8 became EOL in 2022. |
| 7 | September 20, 2021 | EOL. Apple watchOS 7 became EOL in 2021. |
| 6 | September 16, 2020 | EOL. Apple watchOS 6 became EOL in 2020. |
| 5 | September 19, 2019 | EOL. Apple watchOS 5 became EOL in 2019. |
| 4 | September 17, 2018 | EOL. Apple watchOS 4 became EOL in 2018. |
| 3 | September 19, 2017 | EOL. Apple watchOS 3 became EOL in 2017. |
By the Year
In 2026 there have been 2 vulnerabilities in Apple watchOS with an average score of 5.4 out of ten. Last year, in 2025, watchOS had 217 security vulnerabilities published. Right now, watchOS is on track to have fewer security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 1.26.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 5.40 |
| 2025 | 217 | 6.66 |
| 2024 | 171 | 6.35 |
| 2023 | 160 | 6.76 |
| 2022 | 150 | 7.24 |
| 2021 | 253 | 7.19 |
| 2020 | 177 | 7.31 |
| 2019 | 202 | 7.72 |
| 2018 | 57 | 7.54 |
It may take a day or so for new watchOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apple watchOS Security Vulnerabilities
The issue was addressed with improved memory handling
CVE-2025-46298
6.5 - Medium
- January 09, 2026
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
A memory initialization issue was addressed with improved memory handling
CVE-2025-46299
4.3 - Medium
- January 09, 2026
A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may disclose internal states of the app.
Authorization
Apple iOS/watchOS: App ID Retrieval Privacy Issue Fixed in 18.7.3/26.2
CVE-2025-46279
9.8 - Critical
- December 17, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. An app may be able to identify what other apps a user has installed.
Information Disclosure
Apple 26.2 OS: HID MEM Corrupt (Bad Input)
CVE-2025-43533
3.5 - Low
- December 17, 2025
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. A malicious HID device may cause an unexpected process crash.
Improper Input Validation
Apple iOS/macOS Use-After-Free in Safari (fixed 26.2) CAU leading to code exec
CVE-2025-43529
8.8 - High
- December 17, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
Dangling pointer
Apple OS Payment Token Access via Permission Flaw (v26.2)
CVE-2025-46288
5.5 - Medium
- December 17, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able to access sensitive payment tokens.
Authorization
Apple Safari race condition leads to crash from malicious content
CVE-2025-43531
3.1 - Low
- December 17, 2025
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Race Condition
macOS 26.2 Redaction Fix Prevents Safari History Leak
CVE-2025-46277
5.5 - Medium
- December 17, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2. An app may be able to access a user's Safari history.
Insertion of Sensitive Information into Log File
Apple macOS Spellcheck API File Access Escalation (Fixed 14.8.3/15.7.3)
CVE-2025-43518
3.3 - Low
- December 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3. An app may be able to inappropriately access files through the spellcheck API.
Authorization
macOS Sonoma 14.x log data redaction flaw exposes sensitive data
CVE-2025-43538
- December 12, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
macOS File Processing Memory Corruption (Fixed 14.8.3/15.7.3)
CVE-2025-43539
8.8 - High
- December 12, 2025
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing a file may lead to memory corruption.
Buffer Overflow
macOS FaceTime Caller ID Spoof Before 14.8.3/15.7.3
CVE-2025-46287
9.8 - Critical
- December 12, 2025
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An attacker may be able to spoof their FaceTime caller ID.
User Interface (UI) Misrepresentation of Critical Information
Apple Mail Header Parsing DoS in iOS/macOS/watchOS (26.1)
CVE-2025-43494
7.5 - High
- December 12, 2025
A mail header parsing issue was addressed with improved checks. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. An attacker may be able to cause a persistent denial-of-service.
Improper Input Validation
Memory Corruption via Bounds Check, macOS Sonoma 14.8.3 / Sequoia 15.7.3
CVE-2025-43532
2.8 - Low
- December 12, 2025
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing malicious data may lead to unexpected app termination.
Classic Buffer Overflow
Apple macOS Integer Overflow Root Escalation Fixed in 14.8.3/15.7.3
CVE-2025-46285
7.8 - High
- December 12, 2025
An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.
Integer Overflow or Wraparound
Memory Corruption via Improper Lock State Checking in Apple OS 26.1
CVE-2025-43510
7.8 - High
- December 12, 2025
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.
Race Condition
Use-After-Free Crash via Web Content in iOS+iPadOS (fixed in 18.7.2)
CVE-2025-43511
6.5 - Medium
- December 12, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Dangling pointer
macOS Info-Disclosure via Privacy Controls (Sonoma<14.8.3/Sequoia<15.7.3)
CVE-2025-46276
3.3 - Low
- December 12, 2025
An information disclosure issue was addressed with improved privacy controls. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An app may be able to access sensitive user data.
Apple OS Kernel Memcorrupt (iOS18.7.2, watchOS26.1, macOS15.7.2) fixed 26.1
CVE-2025-43520
5.5 - Medium
- December 12, 2025
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.
Out-of-Bounds in ANGLE, Google Chrome <143.0.7499.110, Mac
CVE-2025-14174
8.8 - High
- December 12, 2025
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Buffer Overflow
Apple OS Kernel OOB Read via Bounds Check - Fixed in iOS 18.5
CVE-2025-43374
4.3 - Medium
- November 21, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, macOS Sequoia 15.5, watchOS 11.5. An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory.
Stack Overflow
OOB Access in watchOS tvOS visionOS iOS iPadOS Before 11.4/18.4 Bypass ASLR
CVE-2025-43205
4 - Medium
- November 12, 2025
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 11.4, tvOS 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass ASLR.
Out-of-bounds Read
Apple Safari 26.1: Web Content Crash Vulnerability
CVE-2025-43430
4.3 - Medium
- November 04, 2025
This issue was addressed through improved state management. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Improper Input Validation
Apple OSs: watchOS 26.1/iOS 26.1/iPadOS 26.1/visionOS 26.1 Memory Leak/Kernel Corruption
CVE-2025-43447
5.5 - Medium
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, watchOS 26.1, macOS Tahoe 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
Buffer Overflow
Apple OS Sensitive Data Access Vulnerability (CVE-2025-43345)
CVE-2025-43345
5.5 - Medium
- November 04, 2025
A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, visionOS 26, iOS 18.7 and iPadOS 18.7. An app may be able to access sensitive user data.
Information Disclosure
Apple OS UI Spoofing (before 26.1)
CVE-2025-43503
4.3 - Medium
- November 04, 2025
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Visiting a malicious website may lead to user interface spoofing.
Authentication Bypass by Spoofing
Safari/iOS memory corruption via web content, fixed v26.1
CVE-2025-43431
8.8 - High
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to memory corruption.
Buffer Overflow
Apple OS Symlink Validation Flaw Allows Data Access (pre-26.1)
CVE-2025-43379
5.5 - Medium
- November 04, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to access protected user data.
insecure temporary file
Safari UA-FREE Crash before 26.1 on iOS/iPadOS/watchOS, visionOS
CVE-2025-43457
6.5 - Medium
- November 04, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Dangling pointer
Apple OS 26.1 App Enumeration Permission Escalation
CVE-2025-43436
7.5 - High
- November 04, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to enumerate a user's installed apps.
Authentication Bypass Using an Alternate Path or Channel
Apple visionOS/iOS Fingerprint Vulnerability via Entitlement Checks
CVE-2025-43323
8.1 - High
- November 04, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 26, tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able to fingerprint the user.
Information Disclosure
Safari Crash via Malformed Web Content Fixed in 26.1
CVE-2025-43440
6.5 - Medium
- November 04, 2025
This issue was addressed with improved checks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
XSS
Apple OS Remote Images Load Even When Setting Turned Off (Fixed 26.1/15.7.2)
CVE-2025-43496
7.5 - High
- November 04, 2025
The issue was addressed by adding additional logic. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off.
Privacy violation
Safari use-after-free crash on watchOS/iOS @26.1
CVE-2025-43438
4.3 - Medium
- November 04, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Dangling pointer
Cross-Origin Data Exfiltration in Safari 26.1 (CVE-2025-43480)
CVE-2025-43480
8.1 - High
- November 04, 2025
The issue was addressed with improved checks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. A malicious website may exfiltrate data cross-origin.
Permissive Cross-domain Policy with Untrusted Domains
Apple Safari <26.1 Process Crash via Malicious Web Content
CVE-2025-43443
4.3 - Medium
- November 04, 2025
This issue was addressed with improved checks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Privacy Flaw: Screenshots of Embedded Views in Apple iOS/watchOS 26.1
CVE-2025-43455
5.5 - Medium
- November 04, 2025
A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, watchOS 26.1, macOS Tahoe 26.1, visionOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views.
Information Disclosure
UAF in Safari, iOS & WatchOS 26.1: Crash Fixed
CVE-2025-43434
4.3 - Medium
- November 04, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Dangling pointer
Apple OS Kernel OOB Read Fixed iOS26 & macOS14.8.2/15.7.2
CVE-2025-43361
7.8 - High
- November 04, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 26, watchOS 26, iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, visionOS 26. A malicious app may be able to read kernel memory.
Out-of-bounds Read
Apple Watch Live Voicemail Auth Bypass pre-wOS 26.1
CVE-2025-43459
4.6 - Medium
- November 04, 2025
An authentication issue was addressed with improved state management. This issue is fixed in watchOS 26.1. An attacker with physical access to a locked Apple Watch may be able to view Live Voicemail.
AuthZ
Apple OS memory corruption causing app-initiated termination pre-26.1
CVE-2025-43398
5.5 - Medium
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to cause unexpected system termination.
Buffer Overflow
Apple Safari DNS Leak via Private Relay Logic Flaw
CVE-2025-43376
7.5 - High
- November 04, 2025
A logic issue was addressed with improved state management. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.
Safari 26.1 Crash via Malicious Web Content (State Mgmt)
CVE-2025-43458
4.3 - Medium
- November 04, 2025
This issue was addressed through improved state management. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Improper Input Validation
Apple Safari Memory Corruption via Malicious Web Content
CVE-2025-43419
8.8 - High
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Processing maliciously crafted web content may lead to memory corruption.
Buffer Overflow
Apple OS Kernel Memory Corruption CVE-2025-43462 (fixed 26.1)
CVE-2025-43462
7.5 - High
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
Resource Exhaustion
Apple Safari 26.1 Memory Handling Crash via Malicious Web Content
CVE-2025-43435
4.3 - Medium
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple iOS/watchOS/iPadOS privacy flaw allows user fingerprinting before 26.1
CVE-2025-43507
6.5 - Medium
- November 04, 2025
A privacy issue was addressed by moving sensitive data. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. An app may be able to fingerprint the user.
Incorrect Default Permissions
Use-After-Free in Safari 26.1 (WebKit)
CVE-2025-43432
4.3 - Medium
- November 04, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Dangling pointer
Apple OS 26 Privacy Data Leak (before 26.1)
CVE-2025-43500
7.5 - High
- November 04, 2025
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.1 and iPadOS 26.1, watchOS 26.1, macOS Tahoe 26.1, visionOS 26.1. An app may be able to access sensitive user data.
Privacy violation
Apple VisionOS/OS OOB Read via Media File (fixed in 26.1/14.8.2)
CVE-2025-43445
4.3 - Medium
- November 04, 2025
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Out-of-bounds Read