Summary
Detail | |||
---|---|---|---|
Vendor | Apple | First view | 2014-01-21 |
Product | Watchos | Last view | 2024-09-17 |
Version | 2.2 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:apple:watchos |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5.5 | 2024-09-17 | CVE-2024-44198 | An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash. |
5.5 | 2024-09-17 | CVE-2024-44191 | This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth. |
6.5 | 2024-09-17 | CVE-2024-44187 | A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. |
5.5 | 2024-09-17 | CVE-2024-44183 | A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service. |
5.5 | 2024-09-17 | CVE-2024-44176 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service. |
4.6 | 2024-09-17 | CVE-2024-44171 | This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features. |
5.5 | 2024-09-17 | CVE-2024-44170 | A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, macOS Sequoia 15. An app may be able to access user-sensitive data. |
6.1 | 2024-09-17 | CVE-2024-40857 | This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting. |
5.5 | 2024-09-17 | CVE-2024-40850 | A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data. |
5.5 | 2024-09-17 | CVE-2024-27880 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination. |
5.5 | 2024-07-29 | CVE-2024-40835 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to use sensitive data with certain actions without prompting the user. |
2.4 | 2024-07-29 | CVE-2024-40822 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. An attacker with physical access to a device may be able to access contacts from the lock screen. |
4.6 | 2024-07-29 | CVE-2024-40818 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. An attacker with physical access may be able to use Siri to access sensitive user data. |
7.5 | 2024-07-29 | CVE-2024-40815 | A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. |
4.6 | 2024-07-29 | CVE-2024-40813 | A lock screen issue was addressed with improved state management. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6. An attacker with physical access may be able to use Siri to access sensitive user data. |
7.8 | 2024-07-29 | CVE-2024-40812 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements. |
7.8 | 2024-07-29 | CVE-2024-40809 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements. |
5.5 | 2024-07-29 | CVE-2024-40806 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination. |
7.1 | 2024-07-29 | CVE-2024-40799 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination. |
3.3 | 2024-07-29 | CVE-2024-40795 | This issue was addressed with improved data protection. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to read sensitive location information. |
5.5 | 2024-07-29 | CVE-2024-40793 | This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. An app may be able to access user-sensitive data. |
6.5 | 2024-07-29 | CVE-2024-40789 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. |
5.5 | 2024-07-29 | CVE-2024-40788 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown. |
7.1 | 2024-07-29 | CVE-2024-40787 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements. |
6.1 | 2024-07-29 | CVE-2024-40785 | This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
23% (220) | CWE-787 | Out-of-bounds Write |
21% (202) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
13% (125) | CWE-125 | Out-of-bounds Read |
8% (77) | CWE-416 | Use After Free |
6% (62) | CWE-20 | Improper Input Validation |
3% (35) | CWE-200 | Information Exposure |
3% (30) | CWE-362 | Race Condition |
2% (28) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
2% (20) | CWE-190 | Integer Overflow or Wraparound |
1% (18) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
1% (11) | CWE-665 | Improper Initialization |
1% (10) | CWE-476 | NULL Pointer Dereference |
1% (10) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
0% (8) | CWE-295 | Certificate Issues |
0% (6) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
0% (6) | CWE-276 | Incorrect Default Permissions |
0% (5) | CWE-269 | Improper Privilege Management |
0% (5) | CWE-264 | Permissions, Privileges, and Access Controls |
0% (5) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
0% (4) | CWE-415 | Double Free |
0% (3) | CWE-704 | Incorrect Type Conversion or Cast |
0% (3) | CWE-667 | Insufficient Locking |
0% (3) | CWE-532 | Information Leak Through Log Files |
0% (3) | CWE-287 | Improper Authentication |
0% (2) | CWE-613 | Insufficient Session Expiration |
Snort® IPS/IDS
Date | Description |
---|---|
2020-11-18 | Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt RuleID : 56009 - Type : BROWSER-WEBKIT - Revision : 1 |
2020-11-18 | Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt RuleID : 56008 - Type : BROWSER-WEBKIT - Revision : 1 |
2020-09-02 | WebKit JIT compiler common subexpression elimination out of bounds access att... RuleID : 54666 - Type : BROWSER-WEBKIT - Revision : 2 |
2020-09-02 | WebKit JIT compiler common subexpression elimination out of bounds access att... RuleID : 54665 - Type : BROWSER-WEBKIT - Revision : 2 |
2020-04-21 | Apple Safari browser putToPrimitive cross-site scripting attempt RuleID : 53479 - Type : BROWSER-WEBKIT - Revision : 1 |
2020-04-21 | Apple Safari WebKit type confusion attempt RuleID : 53478 - Type : BROWSER-WEBKIT - Revision : 1 |
2020-04-21 | Apple Safari WebKit type confusion attempt RuleID : 53477 - Type : BROWSER-WEBKIT - Revision : 1 |
2020-04-21 | Apple Safari browser putToPrimitive cross-site scripting attempt RuleID : 53476 - Type : BROWSER-WEBKIT - Revision : 2 |
2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53474 - Type : BROWSER-WEBKIT - Revision : 1 |
2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53473 - Type : BROWSER-WEBKIT - Revision : 1 |
2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1 |
2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1 |
2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52316 - Type : BROWSER-WEBKIT - Revision : 1 |
2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52315 - Type : BROWSER-WEBKIT - Revision : 1 |
2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52314 - Type : BROWSER-WEBKIT - Revision : 1 |
2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52313 - Type : BROWSER-WEBKIT - Revision : 1 |
2019-12-17 | Apple Safari WebKit handleIntrinsicCall type confusion attempt RuleID : 52245 - Type : BROWSER-WEBKIT - Revision : 1 |
2019-12-17 | Apple Safari WebKit handleIntrinsicCall type confusion attempt RuleID : 52244 - Type : BROWSER-WEBKIT - Revision : 1 |
2019-11-15 | WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt RuleID : 51832 - Type : BROWSER-WEBKIT - Revision : 1 |
2019-11-15 | WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt RuleID : 51831 - Type : BROWSER-WEBKIT - Revision : 1 |
2019-11-12 | WebKit JavaScriptCore JSValue use after free attempt RuleID : 51824 - Type : BROWSER-WEBKIT - Revision : 1 |
2019-11-12 | WebKit JavaScriptCore JSValue use after free attempt RuleID : 51823 - Type : BROWSER-WEBKIT - Revision : 1 |
2019-10-08 | Apple Safari memory corruption attempt RuleID : 51416 - Type : BROWSER-WEBKIT - Revision : 2 |
2019-10-08 | Apple Safari memory corruption attempt RuleID : 51415 - Type : BROWSER-WEBKIT - Revision : 2 |
2019-10-01 | WebKit GetIndexedPropertyStorage memory corruption attempt RuleID : 51386 - Type : BROWSER-WEBKIT - Revision : 1 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-1633.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-118b9abf99.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-1a8582a7ee.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-242f6c1a41.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-499f2dbc96.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-55b875c1ac.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e2e8a07a01.nasl - Type: ACT_GATHER_INFO |
2018-12-21 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1_1.nasl - Type: ACT_GATHER_INFO |
2018-12-21 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_2.nasl - Type: ACT_GATHER_INFO |
2018-12-21 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-006.nasl - Type: ACT_GATHER_INFO |
2018-12-21 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-003.nasl - Type: ACT_GATHER_INFO |
2018-12-19 | Name: An application installed on remote host is affected by multiple vulnerabilities File: itunes_12_9_2.nasl - Type: ACT_GATHER_INFO |
2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1114.nasl - Type: ACT_GATHER_INFO |
2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1115.nasl - Type: ACT_GATHER_INFO |
2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1116.nasl - Type: ACT_GATHER_INFO |
2018-12-07 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_Safari12_0_2.nasl - Type: ACT_GATHER_INFO |
2018-12-03 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201812-04.nasl - Type: ACT_GATHER_INFO |
2018-11-27 | Name: The remote Fedora host is missing a security update. File: fedora_2018-192148f4ff.nasl - Type: ACT_GATHER_INFO |
2018-11-06 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2018-309-01.nasl - Type: ACT_GATHER_INFO |
2018-11-02 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1.nasl - Type: ACT_GATHER_INFO |
2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1.nasl - Type: ACT_GATHER_INFO |
2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1_banner.nasl - Type: ACT_GATHER_INFO |
2018-10-31 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_1.nasl - Type: ACT_GATHER_INFO |