Multiple vulnerabilities in Apple watchOS
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 21 |
| CVE-ID | CVE-2018-4398 CVE-2018-4384 CVE-2018-4394 CVE-2018-4371 CVE-2018-4420 CVE-2018-4413 CVE-2018-4419 CVE-2018-4369 CVE-2018-4374 CVE-2018-4377 CVE-2018-4400 CVE-2018-4378 CVE-2018-4368 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 |
| CWE-ID | CWE-200 CWE-119 CWE-122 CWE-125 CWE-401 CWE-79 CWE-20 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #19 is available. Public exploit code for vulnerability #21 is available. |
| Vulnerable software Subscribe |
watchOS Operating systems & Components / Operating system |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 21 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU15621
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4398
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an error in the Miller-Rabin primality test. A remote attacker can incorrectly identify prime numbers.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory corruption
EUVDB-ID: #VU15641
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4384
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error in AppleAVD component when handling malicious input. A remote attacker can trick the victim into processing malicious video via FaceTime, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer overflow
EUVDB-ID: #VU15628
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4394
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists due to boundary error in ICU component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted string, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU15633
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4371
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to out-of-bounds read in IPSec component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory corruption
EUVDB-ID: #VU15598
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4420
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to boundary error in Kernel component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU15635
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4413
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to boundary error in Kernel component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and read restricted memory.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory corruption
EUVDB-ID: #VU15600
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4419
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to boundary error in Kernel component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU15638
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4369
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to memory leak in NetworkExtension component. A remote attacker can connect to a VPN server and access DNS queries from a DNS proxy.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Cross-site scripting
EUVDB-ID: #VU15662
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4374
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Cross-site scripting
EUVDB-ID: #VU15663
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4377
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper input validation
EUVDB-ID: #VU15613
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4400
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to an error in Security component when processing a malicious input. A remote attacker can supply a specially crafted S/MIME signed message and cause the service to crash.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory corruption
EUVDB-ID: #VU15666
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4378
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error in WebKit component when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper input validation
EUVDB-ID: #VU15615
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4368
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to an error in WiFi component when handling malicious input. A remote attacker can supply a specially crafted input and cause the service to crash.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Memory corruption
EUVDB-ID: #VU15647
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4372
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error in WebKit component when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Memory corruption
EUVDB-ID: #VU15648
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4373
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error in WebKit component when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Memory corruption
EUVDB-ID: #VU15649
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4375
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error in WebKit component when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory corruption
EUVDB-ID: #VU15646
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4376
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error in WebKit component when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Memory corruption
EUVDB-ID: #VU15650
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4382
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error in WebKit component when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory corruption
EUVDB-ID: #VU15651
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-4386
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error in WebKit component when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
20) Memory corruption
EUVDB-ID: #VU15652
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-4392
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error in WebKit component when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Memory corruption
EUVDB-ID: #VU15653
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-4416
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error in WebKit component when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 5.1.
Vulnerable software versionswatchOS: 5.0 - 5.0.1
External linkshttp://support.apple.com/en-gb/HT209195
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
