watchOS Apple watchOS Apple Watch Operating System

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Apple watchOS.

Recent Apple watchOS Security Advisories

Advisory Title Published
122722 watchOS 11.5 - Apple Security Content May 12, 2025
122376 watchOS 11.4 - Apple Security Content April 1, 2025
122071 watchOS 11.3 - Apple Security Content January 27, 2025
121843 watchOS 11.2 - Apple Security Content December 11, 2024
121565 watchOS 11.1 - Apple Support Content October 28, 2024
121240 watchOS 11 - Apple Support Security Content September 16, 2024
HT214124 watchOS 10.6 Security Content July 29, 2024
120916 watchOS 10.6 - Apple Security Content July 29, 2024
HT214104 watchOS 10.5 Security Content May 13, 2024
HT214088 watchOS 10.4 Security Content March 7, 2024

EOL Dates

Ensure that you are using a supported version of Apple watchOS. Here are some end of life, and end of support dates for Apple watchOS.

Release EOL Date Status
11 -
Active

10 September 16, 2024
EOL

Apple watchOS 10 became EOL in 2024 and supported ended in 2024

9 September 22, 2023
EOL

Apple watchOS 9 became EOL in 2023 and supported ended in 2023

8 September 22, 2022
EOL

Apple watchOS 8 became EOL in 2022 and supported ended in 2022

7 October 11, 2021
EOL

Apple watchOS 7 became EOL in 2021 and supported ended in 2021

6 September 16, 2020
EOL

Apple watchOS 6 became EOL in 2020 and supported ended in 2020

5 September 30, 2019
EOL

Apple watchOS 5 became EOL in 2019 and supported ended in 2019

4 September 27, 2018
EOL

Apple watchOS 4 became EOL in 2018 and supported ended in 2018

3 October 4, 2017
EOL

Apple watchOS 3 became EOL in 2017 and supported ended in 2017

By the Year

In 2025 there have been 117 vulnerabilities in Apple watchOS with an average score of 6.8 out of ten. Last year, in 2024 watchOS had 170 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in watchOS in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.59.




Year Vulnerabilities Average Score
2025 117 6.75
2024 170 6.16
2023 158 6.57
2022 150 7.24
2021 253 7.19
2020 177 7.31
2019 202 7.72
2018 57 7.54

It may take a day or so for new watchOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple watchOS Security Vulnerabilities

This issue was addressed with improved checks

CVE-2025-43200 - June 16, 2025

This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

The issue was addressed with improved memory handling

CVE-2025-24184 - May 19, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to cause unexpected system termination.

The issue was addressed with improved checks

CVE-2025-24189 - May 19, 2025

The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption.

A permissions issue was addressed with additional restrictions

CVE-2025-31262 - May 19, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to modify protected parts of the file system.

This issue was addressed with improved memory handling

CVE-2025-31257 - May 12, 2025

This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

The issue was addressed with improved input sanitization

CVE-2025-31251 - May 12, 2025

The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

This issue was addressed through improved state management

CVE-2025-31212 - May 12, 2025

This issue was addressed through improved state management. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. An app may be able to access sensitive user data.

The issue was addressed with improved checks

CVE-2025-31208 - May 12, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.

An out-of-bounds read was addressed with improved bounds checking

CVE-2025-31209 - May 12, 2025

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to disclosure of user information.

A use-after-free issue was addressed with improved memory management

CVE-2025-31239 - May 12, 2025

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved input sanitization

CVE-2025-31233 - May 12, 2025

The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

A logic issue was addressed with improved checks

CVE-2025-31226 - May 12, 2025

A logic issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. Processing a maliciously crafted image may lead to a denial-of-service.

The issue was addressed with improved memory handling

CVE-2025-31219 - May 12, 2025

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

A double free issue was addressed with improved memory management

CVE-2025-31241 - May 12, 2025

A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.

A correctness issue was addressed with improved checks

CVE-2025-31222 - May 12, 2025

A correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A user may be able to elevate privileges.

An integer overflow was addressed with improved input validation

CVE-2025-31221 - May 12, 2025

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory.

The issue was addressed with improved checks

CVE-2025-31223 - May 12, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

The issue was addressed with improved checks

CVE-2025-31238 - May 12, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

The issue was addressed with improved memory handling

CVE-2025-24223 - May 12, 2025

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

The issue was addressed with improved memory handling

CVE-2025-31204 - May 12, 2025

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

The issue was addressed with improved input validation

CVE-2025-31217 - May 12, 2025

The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

The issue was addressed with improved checks

CVE-2025-31215 - May 12, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash.

A type confusion issue was addressed with improved state handling

CVE-2025-31206 - May 12, 2025

A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

The issue was addressed with improved checks

CVE-2025-31205 - May 12, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.

A memory corruption issue was addressed with improved state management

CVE-2025-24111 - May 12, 2025

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.

An information disclosure issue was addressed by removing the vulnerable code

CVE-2025-24144 - May 12, 2025

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Ventura 13.7.6, iOS 18.3 and iPadOS 18.3, tvOS 18.3. An app may be able to leak sensitive kernel state.

The issue was addressed with improved checks

CVE-2025-24251 - April 29, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.

An integer overflow was addressed with improved input validation

CVE-2025-31203 - April 29, 2025

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.

A memory corruption issue was addressed with improved bounds checking

CVE-2025-31200 - April 16, 2025

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Memory Corruption

A use-after-free issue was addressed with improved memory management

CVE-2023-42970 - April 11, 2025

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.

Processing web content may lead to arbitrary code execution

CVE-2023-42875 - April 11, 2025

Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.

This issue was addressed with improved access restrictions

CVE-2025-30433 - March 31, 2025

This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.

A path handling issue was addressed with improved logic

CVE-2025-30470 - March 31, 2025

A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to read sensitive location information.

This issue was addressed with additional entitlement checks

CVE-2025-30426 - March 31, 2025

This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to enumerate a user's installed apps.

This issue was addressed with additional entitlement checks

CVE-2025-24173 - March 31, 2025

This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

The issue was addressed with improved checks

CVE-2025-30467 - March 31, 2025

The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a malicious website may lead to address bar spoofing.

This issue was addressed through improved state management

CVE-2025-24167 - March 31, 2025

This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A download's origin may be incorrectly associated.

A validation issue was addressed with improved logic

CVE-2025-30471 - March 31, 2025

A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote user may be able to cause a denial-of-service.

This issue was addressed with improved access restrictions

CVE-2025-30438 - March 31, 2025

This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.

This issue was addressed with improved handling of floats

CVE-2025-24213 - March 31, 2025

This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.5, Safari 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, watchOS 11.5, visionOS 2.5. A type confusion issue could lead to memory corruption.

A privacy issue was addressed by not logging contents of text fields

CVE-2025-24214 - March 31, 2025

A privacy issue was addressed by not logging contents of text fields. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

A use-after-free issue was addressed with improved memory management

CVE-2025-30427 - March 31, 2025

A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

A buffer overflow issue was addressed with improved memory handling

CVE-2025-24209 - March 31, 2025

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash.

The issue was addressed with improved memory handling

CVE-2025-24216 - March 31, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

The issue was addressed with improved memory handling

CVE-2025-24264 - March 31, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

A logic issue was addressed with improved checks

CVE-2025-24238 - March 31, 2025

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain elevated privileges.

The issue was addressed with improved restriction of data container access

CVE-2025-31183 - March 31, 2025

The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

The issue was addressed with improved memory handling

CVE-2025-24244 - March 31, 2025

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted font may result in the disclosure of process memory.

This issue was addressed through improved state management

CVE-2025-30425 - March 31, 2025

This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode.

This issue was addressed with improved redaction of sensitive information

CVE-2025-24217 - March 31, 2025

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apple watchOS or by Apple? Click the Watch button to subscribe.

Apple
Vendor

Apple watchOS
Apple Watch Operating System

subscribe