Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2017-11-12 |
| Product | Watchos | Last view | 2020-06-09 |
| Version | 4.0 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:watchos | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2020-06-09 | CVE-2020-9852 | An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 9.8 | 2020-06-09 | CVE-2020-9850 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. |
| 6.1 | 2020-06-09 | CVE-2020-9843 | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. |
| 5.5 | 2020-06-09 | CVE-2020-9842 | This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to use arbitrary entitlements. |
| 7 | 2020-06-09 | CVE-2020-9839 | A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. |
| 6.5 | 2020-06-09 | CVE-2020-9829 | A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service. |
| 7.5 | 2020-06-09 | CVE-2020-9827 | A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service. |
| 7.8 | 2020-06-09 | CVE-2020-9821 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 4.3 | 2020-06-09 | CVE-2020-9819 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption. |
| 8.8 | 2020-06-09 | CVE-2020-9818 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. |
| 7.8 | 2020-06-09 | CVE-2020-9816 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. |
| 7.8 | 2020-06-09 | CVE-2020-9815 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. |
| 7.8 | 2020-06-09 | CVE-2020-9814 | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2020-06-09 | CVE-2020-9813 | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 5.5 | 2020-06-09 | CVE-2020-9812 | An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory. |
| 5.5 | 2020-06-09 | CVE-2020-9811 | An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory. |
| 5.5 | 2020-06-09 | CVE-2020-9809 | An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout. |
| 7.1 | 2020-06-09 | CVE-2020-9808 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory. |
| 8.8 | 2020-06-09 | CVE-2020-9807 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 8.8 | 2020-06-09 | CVE-2020-9806 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 6.1 | 2020-06-09 | CVE-2020-9805 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. |
| 8.8 | 2020-06-09 | CVE-2020-9803 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 8.8 | 2020-06-09 | CVE-2020-9802 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 8.8 | 2020-06-09 | CVE-2020-9800 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 5.5 | 2020-06-09 | CVE-2020-9797 | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application's memory layout. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (162) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 12% (41) | CWE-20 | Improper Input Validation |
| 9% (32) | CWE-125 | Out-of-bounds Read |
| 7% (24) | CWE-200 | Information Exposure |
| 3% (10) | CWE-362 | Race Condition |
| 2% (8) | CWE-416 | Use After Free |
| 1% (6) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 1% (5) | CWE-704 | Incorrect Type Conversion or Cast |
| 1% (5) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 1% (4) | CWE-787 | Out-of-bounds Write |
| 1% (4) | CWE-190 | Integer Overflow or Wraparound |
| 0% (2) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 0% (2) | CWE-295 | Certificate Issues |
| 0% (2) | CWE-269 | Improper Privilege Management |
| 0% (2) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 0% (1) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 0% (1) | CWE-665 | Improper Initialization |
| 0% (1) | CWE-617 | Reachable Assertion |
| 0% (1) | CWE-613 | Insufficient Session Expiration |
| 0% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
| 0% (1) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 0% (1) | CWE-399 | Resource Management Errors |
| 0% (1) | CWE-306 | Missing Authentication for Critical Function |
| 0% (1) | CWE-281 | Improper Preservation of Permissions |
| 0% (1) | CWE-276 | Incorrect Default Permissions |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-04-21 | Apple Safari browser putToPrimitive cross-site scripting attempt RuleID : 53479 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit type confusion attempt RuleID : 53478 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit type confusion attempt RuleID : 53477 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari browser putToPrimitive cross-site scripting attempt RuleID : 53476 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53474 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53473 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52316 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52315 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52314 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52313 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-12-17 | Apple Safari WebKit handleIntrinsicCall type confusion attempt RuleID : 52245 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-12-17 | Apple Safari WebKit handleIntrinsicCall type confusion attempt RuleID : 52244 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-15 | WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt RuleID : 51832 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-15 | WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt RuleID : 51831 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore JSValue use after free attempt RuleID : 51824 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore JSValue use after free attempt RuleID : 51823 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-10-08 | Apple Safari memory corruption attempt RuleID : 51416 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2019-10-08 | Apple Safari memory corruption attempt RuleID : 51415 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2019-10-01 | WebKit GetIndexedPropertyStorage memory corruption attempt RuleID : 51386 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-10-01 | WebKit GetIndexedPropertyStorage memory corruption attempt RuleID : 51385 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-10-01 | Apple WebKit JSArray component out-of-bounds access RuleID : 51382 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-10-01 | Apple WebKit JSArray component out-of-bounds access RuleID : 51381 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2018-08-04 | Microsoft Edge proxy object type confusion attempt RuleID : 47083 - Type : BROWSER-IE - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e2e8a07a01.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-499f2dbc96.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-1a8582a7ee.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-118b9abf99.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1_1.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-006.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-003.nasl - Type: ACT_GATHER_INFO |
| 2018-12-19 | Name: An application installed on remote host is affected by multiple vulnerabilities File: itunes_12_9_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_Safari12_0_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-03 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201812-04.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1_banner.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-002.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_1.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_Safari12_0_1.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-005.nasl - Type: ACT_GATHER_INFO |
| 2018-10-18 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_banner.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_8_banner.nasl - Type: ACT_GATHER_INFO |
| 2018-09-24 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4a16e37c81.nasl - Type: ACT_GATHER_INFO |
| 2018-09-20 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_safari12.nasl - Type: ACT_GATHER_INFO |
| 2018-09-18 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12.nasl - Type: ACT_GATHER_INFO |
