Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2015-08-14 |
| Product | Watchos | Last view | 2022-03-18 |
| Version | 2.1 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:watchos | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 3.3 | 2022-03-18 | CVE-2022-22670 | An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed. |
| 7.8 | 2022-03-18 | CVE-2022-22666 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption. |
| 4.3 | 2022-03-18 | CVE-2022-22654 | A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing. |
| 7.8 | 2022-03-18 | CVE-2022-22640 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges. |
| 6.5 | 2022-03-18 | CVE-2022-22638 | A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack. |
| 7.8 | 2022-03-18 | CVE-2022-22633 | A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. |
| 9.8 | 2022-03-18 | CVE-2022-22632 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges. |
| 4.6 | 2022-03-18 | CVE-2022-22621 | This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. |
| 7.8 | 2022-03-18 | CVE-2022-22618 | This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. |
| 7.8 | 2022-03-18 | CVE-2022-22615 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22614 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22613 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22612 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption. |
| 7.8 | 2022-03-18 | CVE-2022-22611 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution. |
| 7.5 | 2022-03-18 | CVE-2022-22609 | The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings. |
| 5.5 | 2022-03-18 | CVE-2022-22600 | The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences. |
| 2.4 | 2022-03-18 | CVE-2022-22599 | Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen. |
| 7.8 | 2022-03-18 | CVE-2022-22596 | A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. |
| 6.5 | 2022-03-18 | CVE-2022-22594 | A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information. |
| 7.8 | 2022-03-18 | CVE-2022-22593 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 6.5 | 2022-03-18 | CVE-2022-22592 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. |
| 8.8 | 2022-03-18 | CVE-2022-22590 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 6.1 | 2022-03-18 | CVE-2022-22589 | A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. |
| 7.5 | 2022-03-18 | CVE-2022-22585 | An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files. |
| 7.8 | 2022-03-18 | CVE-2022-22584 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 27% (229) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 19% (163) | CWE-787 | Out-of-bounds Write |
| 12% (104) | CWE-125 | Out-of-bounds Read |
| 7% (66) | CWE-20 | Improper Input Validation |
| 6% (54) | CWE-416 | Use After Free |
| 4% (38) | CWE-200 | Information Exposure |
| 2% (23) | CWE-362 | Race Condition |
| 2% (23) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 1% (15) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 1% (13) | CWE-190 | Integer Overflow or Wraparound |
| 1% (10) | CWE-476 | NULL Pointer Dereference |
| 1% (9) | CWE-665 | Improper Initialization |
| 1% (9) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 0% (8) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 0% (8) | CWE-269 | Improper Privilege Management |
| 0% (6) | CWE-295 | Certificate Issues |
| 0% (6) | CWE-264 | Permissions, Privileges, and Access Controls |
| 0% (5) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 0% (5) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 0% (4) | CWE-399 | Resource Management Errors |
| 0% (3) | CWE-704 | Incorrect Type Conversion or Cast |
| 0% (3) | CWE-287 | Improper Authentication |
| 0% (2) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 0% (2) | CWE-667 | Insufficient Locking |
| 0% (2) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-11-18 | Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt RuleID : 56009 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-11-18 | Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt RuleID : 56008 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-09-02 | WebKit JIT compiler common subexpression elimination out of bounds access att... RuleID : 54666 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2020-09-02 | WebKit JIT compiler common subexpression elimination out of bounds access att... RuleID : 54665 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2020-04-21 | Apple Safari browser putToPrimitive cross-site scripting attempt RuleID : 53479 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit type confusion attempt RuleID : 53478 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit type confusion attempt RuleID : 53477 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari browser putToPrimitive cross-site scripting attempt RuleID : 53476 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53474 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53473 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52316 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52315 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52314 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52313 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-12-17 | Apple Safari WebKit handleIntrinsicCall type confusion attempt RuleID : 52245 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-12-17 | Apple Safari WebKit handleIntrinsicCall type confusion attempt RuleID : 52244 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-15 | WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt RuleID : 51832 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-15 | WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt RuleID : 51831 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore JSValue use after free attempt RuleID : 51824 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore JSValue use after free attempt RuleID : 51823 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-10-08 | Apple Safari memory corruption attempt RuleID : 51416 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2019-10-08 | Apple Safari memory corruption attempt RuleID : 51415 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2019-10-01 | WebKit GetIndexedPropertyStorage memory corruption attempt RuleID : 51386 - Type : BROWSER-WEBKIT - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-1633.nasl - Type: ACT_GATHER_INFO |
| 2019-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-118b9abf99.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-1a8582a7ee.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-499f2dbc96.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e2e8a07a01.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1_1.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-006.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-003.nasl - Type: ACT_GATHER_INFO |
| 2018-12-19 | Name: An application installed on remote host is affected by multiple vulnerabilities File: itunes_12_9_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_Safari12_0_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-03 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201812-04.nasl - Type: ACT_GATHER_INFO |
| 2018-11-13 | Name: The remote Debian host is missing a security update. File: debian_DLA-1573.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1_banner.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_1.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_Safari12_0_1.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-005.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-002.nasl - Type: ACT_GATHER_INFO |
| 2018-10-18 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_8_banner.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_banner.nasl - Type: ACT_GATHER_INFO |
