watchOS Apple watchOS Apple Watch Operating System

  1. Vendors
  2. Apple
  3. watchOS

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Apple watchOS.

Recent Apple watchOS Security Advisories

Advisory Title Published
122071 watchOS 11.3 - Apple Security Content January 27, 2025
121843 watchOS 11.2 - Apple Security Content December 11, 2024
121565 watchOS 11.1 - Apple Support Content October 28, 2024
121240 watchOS 11 - Apple Support Security Content September 16, 2024
HT214124 watchOS 10.6 Security Content July 29, 2024
120916 watchOS 10.6 - Apple Security Content July 29, 2024
HT214104 watchOS 10.5 Security Content May 13, 2024
HT214088 watchOS 10.4 Security Content March 7, 2024
HT214060 watchOS 10.3 Security Content January 22, 2024
HT214041 watchOS 10.2 Security Content December 11, 2023

EOL Dates

Ensure that you are using a supported version of Apple watchOS. Here are some end of life, and end of support dates for Apple watchOS.

Release EOL Date Status
11 -
Active
10 September 16, 2024
EOL

Apple watchOS 10 became EOL in 2024 and supported ended in 2024
9 September 22, 2023
EOL

Apple watchOS 9 became EOL in 2023 and supported ended in 2023
8 September 22, 2022
EOL

Apple watchOS 8 became EOL in 2022 and supported ended in 2022
7 October 11, 2021
EOL

Apple watchOS 7 became EOL in 2021 and supported ended in 2021
6 September 16, 2020
EOL

Apple watchOS 6 became EOL in 2020 and supported ended in 2020
5 September 30, 2019
EOL

Apple watchOS 5 became EOL in 2019 and supported ended in 2019
4 September 27, 2018
EOL

Apple watchOS 4 became EOL in 2018 and supported ended in 2018
3 October 4, 2017
EOL

Apple watchOS 3 became EOL in 2017 and supported ended in 2017

By the Year

In 2025 there have been 35 vulnerabilities in Apple watchOS with an average score of 6.7 out of ten. Last year, in 2024 watchOS had 168 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.57.




Year Vulnerabilities Average Score
2025 35 6.72
2024 168 6.15
2023 157 6.58
2022 150 7.24
2021 253 7.19
2020 177 7.31
2019 202 7.72
2018 57 7.54

It may take a day or so for new watchOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple watchOS Security Vulnerabilities

The issue was addressed with improved checks

CVE-2024-44192 5.5 - Medium - March 10, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.

A cookie management issue was addressed with improved state management

CVE-2024-54467 6.5 - Medium - March 10, 2025

A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.

A logic issue was addressed with improved checks

CVE-2024-54560 5.5 - Medium - March 10, 2025

A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission.

The issue was addressed with improved memory handling

CVE-2024-27859 8.8 - High - February 10, 2025

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution.

The issue was addressed with improved memory handling

CVE-2024-54658 6.5 - Medium - February 10, 2025

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.

A use-after-free issue was addressed with improved memory management

CVE-2024-54499 8.8 - High - January 27, 2025

A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.

Dangling pointer

The issue was addressed with improved bounds checks

CVE-2024-54518 5.3 - Medium - January 27, 2025

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.

Out-of-bounds Read

The issue was addressed with improved checks

CVE-2024-54468 8.2 - High - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to break out of its sandbox.

An out-of-bounds access issue was addressed with improved bounds checking

CVE-2024-54478 6.5 - Medium - January 27, 2025

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to an unexpected process crash.

The issue was addressed with improved bounds checks

CVE-2024-54523 6.3 - Medium - January 27, 2025

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.

The issue was addressed with improved checks

CVE-2024-54497 6.5 - Medium - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing web content may lead to a denial-of-service.

The issue was addressed by removing the relevant flags

CVE-2024-54512 9.1 - Critical - January 27, 2025

The issue was addressed by removing the relevant flags. This issue is fixed in watchOS 11.2, iOS 18.2 and iPadOS 18.2. A system binary could be used to fingerprint a user's Apple Account.

The issue was addressed with improved bounds checks

CVE-2024-54517 7.8 - High - January 27, 2025

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.

Memory Corruption

The issue was addressed with improved bounds checks

CVE-2024-54522 7.8 - High - January 27, 2025

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.

Memory Corruption

This issue was addressed through improved state management

CVE-2024-54541 5.5 - Medium - January 27, 2025

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.

The issue was addressed with improved memory handling

CVE-2024-54543 8.8 - High - January 27, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.

Memory Corruption

This issue was addressed through improved state management

CVE-2025-24162 6.5 - Medium - January 27, 2025

This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.

The issue was addressed with improved memory handling

CVE-2025-24158 6.5 - Medium - January 27, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.

An out-of-bounds read was addressed with improved bounds checking

CVE-2025-24149 5.5 - Medium - January 27, 2025

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to disclosure of user information.

This issue was addressed with improved redaction of sensitive information

CVE-2025-24117 5.5 - Medium - January 27, 2025

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user.

Insecure Storage of Sensitive Information

A validation issue was addressed with improved logic

CVE-2025-24159 7.8 - High - January 27, 2025

A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to execute arbitrary code with kernel privileges.

A permissions issue was addressed with additional restrictions

CVE-2025-24107 7.8 - High - January 27, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3, iOS 18.3 and iPadOS 18.3. A malicious app may be able to gain root privileges.

The issue was addressed with improved memory handling

CVE-2025-24086 5.5 - Medium - January 27, 2025

The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service.

A use after free issue was addressed with improved memory management

CVE-2025-24085 7.8 - High - January 27, 2025

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

Dangling pointer

The issue was addressed with improved checks

CVE-2025-24124 5.5 - Medium - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved checks

CVE-2025-24123 5.5 - Medium - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved checks

CVE-2025-24163 5.5 - Medium - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved checks

CVE-2025-24161 5.5 - Medium - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved checks

CVE-2025-24160 - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

A type confusion issue was addressed with improved checks

CVE-2025-24137 - January 27, 2025

A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution.

The issue was addressed with improved memory handling

CVE-2025-24131 6.5 - Medium - January 27, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position may be able to perform a denial-of-service.

A type confusion issue was addressed with improved checks

CVE-2025-24129 7.5 - High - January 27, 2025

A type confusion issue was addressed with improved checks. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected app termination.

Object Type Confusion

An input validation issue was addressed

CVE-2025-24126 7.3 - High - January 27, 2025

An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process memory.

The issue was addressed with improved checks

CVE-2024-27856 7.8 - High - January 15, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.

Code Injection

A path handling issue was addressed with improved logic

CVE-2024-54535 4.3 - Medium - January 15, 2025

A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders.

Directory traversal

Apple Multiple Products Denial-of-Service Vulnerability in Input Validation

CVE-2024-54538 7.5 - High - December 20, 2024

A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service.

A cookie management issue was addressed with improved state management

CVE-2024-44212 5.3 - Medium - December 12, 2024

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.

Origin Validation Error

This issue was addressed with improved redaction of sensitive information

CVE-2024-44290 3.3 - Low - December 12, 2024

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1. An app may be able to determine a users current location.

The issue was addressed with improved memory handling

CVE-2024-54534 9.8 - Critical - December 12, 2024

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.

Memory Corruption

A type confusion issue was addressed with improved memory handling

CVE-2024-54505 8.8 - High - December 12, 2024

A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.

Object Type Confusion

The issue was addressed with improved memory handling

CVE-2024-54508 7.5 - High - December 12, 2024

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.

The issue was addressed with improved checks

CVE-2024-54502 6.5 - Medium - December 12, 2024

The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.

The issue was addressed with improved checks

CVE-2024-54479 7.5 - High - December 12, 2024

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.

The issue was addressed with improved checks

CVE-2024-54501 5.5 - Medium - December 12, 2024

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted file may lead to a denial of service.

A logic issue was addressed with improved checks

CVE-2024-44225 7.8 - High - December 12, 2024

A logic issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to gain elevated privileges.

The issue was addressed with improved checks

CVE-2024-54514 8.6 - High - December 12, 2024

The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox.

A race condition was addressed with improved locking

CVE-2024-54510 5.1 - Medium - December 12, 2024

A race condition was addressed with improved locking. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to leak sensitive kernel state.

Race Condition

A race condition was addressed with additional validation

CVE-2024-54494 5.9 - Medium - December 12, 2024

A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An attacker may be able to create a read-only memory mapping that can be written to.

Race Condition

The issue was addressed with improved checks

CVE-2024-54500 5.5 - Medium - December 12, 2024

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted image may result in disclosure of process memory.

The issue was addressed with improved checks

CVE-2024-54486 6.5 - Medium - December 12, 2024

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted font may result in the disclosure of process memory.

A permissions issue was addressed with additional restrictions

CVE-2024-54513 5.5 - Medium - December 12, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data.

This issue was addressed with improved checks

CVE-2024-54527 5.5 - Medium - December 12, 2024

This issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access sensitive user data.

The issue was addressed with improved checks

CVE-2024-54526 5.5 - Medium - December 12, 2024

The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to access private information.

Apple Multiple Products Video Parsing Out-of-Bounds Write Vulnerability

CVE-2024-44234 5.5 - Medium - November 01, 2024

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

Apple Multiple Products Video Parsing Out-of-Bounds Write Vulnerability

CVE-2024-44233 5.5 - Medium - November 01, 2024

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

Apple Multiple Products Video Parsing Out-of-Bounds Write Vulnerability

CVE-2024-44232 5.5 - Medium - November 01, 2024

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

The issue was addressed with improved checks

CVE-2024-44240 5.5 - Medium - October 28, 2024

The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.

A custom URL scheme handling issue was addressed with improved input validation

CVE-2024-44155 6.5 - Medium - October 28, 2024

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy.

A buffer overflow was addressed with improved size validation

CVE-2024-44144 5.5 - Medium - October 28, 2024

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to unexpected app termination.

Classic Buffer Overflow

The issue was addressed with improved bounds checks

CVE-2024-44297 6.5 - Medium - October 28, 2024

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service.

The issue was addressed with improved checks

CVE-2024-44302 5.5 - Medium - October 28, 2024

The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.

A memory corruption issue was addressed with improved input validation

CVE-2024-44244 4.3 - Medium - October 28, 2024

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.

Memory Corruption

An information disclosure issue was addressed with improved private data redaction for log entries

CVE-2024-44239 5.5 - Medium - October 28, 2024

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive kernel state.

Insertion of Sensitive Information into Log File

This issue was addressed with improved checks

CVE-2024-44215 5.5 - Medium - October 28, 2024

This issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing an image may result in disclosure of process memory.

This issue was addressed with improved redaction of sensitive information

CVE-2024-44194 5.5 - Medium - October 28, 2024

This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data.

iOS 18 Use After Free DOS or Kernel Memory Corruption

CVE-2024-44285 7.8 - High - October 28, 2024

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.

Dangling pointer

An out-of-bounds read was addressed with improved input validation

CVE-2024-44282 5.5 - Medium - October 28, 2024

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Parsing a file may lead to disclosure of user information.

Out-of-bounds Read

The issue was addressed with improved authentication

CVE-2024-44274 4.6 - Medium - October 28, 2024

The issue was addressed with improved authentication. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, iOS 18.1 and iPadOS 18.1. An attacker with physical access to a locked device may be able to view sensitive user information.

This issue was addressed with improved handling of symlinks

CVE-2024-44273 5.5 - Medium - October 28, 2024

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information.

insecure temporary file

A logic issue was addressed with improved checks

CVE-2024-44269 5.5 - Medium - October 28, 2024

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A malicious app may use shortcuts to access restricted files.

A path handling issue was addressed with improved logic

CVE-2024-44255 7.8 - High - October 28, 2024

A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user consent.

Directory traversal

This issue was addressed with improved redaction of sensitive information

CVE-2024-44254 5.5 - Medium - October 28, 2024

This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data.

An information disclosure issue was addressed with improved private data redaction for log entries

CVE-2024-44278 5.5 - Medium - October 28, 2024

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A sandboxed app may be able to access sensitive user data in system logs.

The issue was addressed with improved checks

CVE-2024-44296 5.4 - Medium - October 28, 2024

The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Safari 17 web content restriction bypass

CVE-2024-44206 9.3 - Critical - October 24, 2024

An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions.

The issue was addressed with improved checks

CVE-2024-44185 5.5 - Medium - October 24, 2024

The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

The issue was addressed with improved memory handling

CVE-2024-44169 5.5 - Medium - September 17, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination.

An integer overflow was addressed through improved input validation

CVE-2024-44198 5.5 - Medium - September 17, 2024

An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.

Integer Overflow or Wraparound

This issue was addressed through improved state management

CVE-2024-44191 5.5 - Medium - September 17, 2024

This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth.

A cross-origin issue existed with "iframe" elements

CVE-2024-44187 6.5 - Medium - September 17, 2024

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.

Origin Validation Error

A logic error was addressed with improved error handling

CVE-2024-44183 5.5 - Medium - September 17, 2024

A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service.

An out-of-bounds access issue was addressed with improved bounds checking

CVE-2024-44176 5.5 - Medium - September 17, 2024

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service.

This issue was addressed through improved state management

CVE-2024-44171 4.6 - Medium - September 17, 2024

This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features.

This issue was addressed through improved state management

CVE-2024-40857 6.1 - Medium - September 17, 2024

This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.

XSS

A file access issue was addressed with improved input validation

CVE-2024-40850 5.5 - Medium - September 17, 2024

A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.

An out-of-bounds read issue was addressed with improved input validation

CVE-2024-27880 5.5 - Medium - September 17, 2024

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination.

Out-of-bounds Read

A privacy issue was addressed by moving sensitive data to a more secure location

CVE-2024-44170 5.5 - Medium - September 17, 2024

A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, macOS Sequoia 15. An app may be able to access user-sensitive data.

An issue was discovered in libexpat before 2.6.3

CVE-2024-45490 7.5 - High - August 30, 2024

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

XXE

A logic issue was addressed with improved checks

CVE-2024-40809 7.8 - High - July 29, 2024

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.

A logic issue was addressed with improved checks

CVE-2024-40812 7.8 - High - July 29, 2024

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.

An out-of-bounds read issue was addressed with improved input validation

CVE-2024-40806 5.5 - Medium - July 29, 2024

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.

Out-of-bounds Read

This issue was addressed with improved checks

CVE-2024-40785 6.1 - Medium - July 29, 2024

This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.

XSS

An out-of-bounds read was addressed with improved bounds checking

CVE-2024-40780 5.5 - Medium - July 29, 2024

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

Out-of-bounds Read

An out-of-bounds read was addressed with improved bounds checking

CVE-2024-40779 5.5 - Medium - July 29, 2024

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

Out-of-bounds Read

A use-after-free issue was addressed with improved memory management

CVE-2024-40776 4.3 - Medium - July 29, 2024

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

Dangling pointer

A downgrade issue was addressed with additional code-signing restrictions

CVE-2024-40774 7.1 - High - July 29, 2024

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. An app may be able to bypass Privacy preferences.

This issue was addressed with a new entitlement

CVE-2024-27884 5.5 - Medium - July 29, 2024

This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data.

A type confusion issue was addressed with improved memory handling

CVE-2024-40788 5.5 - Medium - July 29, 2024

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown.

Object Type Confusion

An out-of-bounds access issue was addressed with improved bounds checking

CVE-2024-40789 6.5 - Medium - July 29, 2024

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

This issue was addressed by removing the vulnerable code

CVE-2024-40793 5.5 - Medium - July 29, 2024

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. An app may be able to access user-sensitive data.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apple watchOS or by Apple? Click the Watch button to subscribe.

Apple
Vendor

Apple watchOS
Apple Watch Operating System

subscribe