About the security content of watchOS 10
This document describes the security content of watchOS 10.
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
watchOS 10
Released September 18, 2023
App Store
Available for: Apple Watch Series 4 and later
Impact: A remote attacker may be able to break out of the Web Content sandbox
Description: The issue was addressed with improved handling of protocols.
CVE-2023-40448: w0wbox
Apple Neural Engine
Available for devices with Apple Neural Engine: Apple Watch Series 9 and Apple Watch Ultra 2
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-40432: Mohamed GHANNAM (@_simo36)
CVE-2023-41174: Mohamed GHANNAM (@_simo36)
CVE-2023-40409: Ye Zhang (@VAR10CK) of Baidu Security
CVE-2023-40412: Mohamed GHANNAM (@_simo36)
Apple Neural Engine
Available for devices with Apple Neural Engine: Apple Watch Series 9 and Apple Watch Ultra 2
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-41071: Mohamed GHANNAM (@_simo36)
Apple Neural Engine
Available for devices with Apple Neural Engine: Apple Watch Series 9 and Apple Watch Ultra 2
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2023-40399: Mohamed GHANNAM (@_simo36)
Apple Neural Engine
Available for devices with Apple Neural Engine: Apple Watch Series 9 and Apple Watch Ultra 2
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2023-40410: Tim Michaud (@TimGMichaud) of Moveworks.ai
AuthKit
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved handling of caches.
CVE-2023-32361: Csaba Fitzl (@theevilbit) of Offensive Security
Bluetooth
Available for: Apple Watch Series 4 and later
Impact: An attacker in physical proximity can cause a limited out-of-bounds write
Description: The issue was addressed with improved checks.
CVE-2023-35984: zer0k
bootp
Available for: Apple Watch Series 4 and later
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-41065: Adam M., and Noah Roskin-Frazee and Professor Jason Lau (ZeroClicks.ai Lab)
CFNetwork
Available for: Apple Watch Series 4 and later
Impact: An app may fail to enforce App Transport Security
Description: The issue was addressed with improved handling of protocols.
CVE-2023-38596: Will Brattain at Trail of Bits
CoreAnimation
Available for: Apple Watch Series 4 and later
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2023-40420: 이준성(Junsung Lee) of Cross Republic
Core Data
Available for: Apple Watch Series 4 and later
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed by removing the vulnerable code.
CVE-2023-40528: Kirin (@Pwnrin) of NorthSea
Entry added January 22, 2024
Dev Tools
Available for: Apple Watch Series 4 and later
Impact: An app may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2023-32396: Mickey Jin (@patch1t)
Game Center
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access contacts
Description: The issue was addressed with improved handling of caches.
CVE-2023-40395: Csaba Fitzl (@theevilbit) of Offensive Security
IOUserEthernet
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-40396: Certik Skyfall Team
Entry added July 16, 2024
Kernel
Available for: Apple Watch Series 4 and later
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: The issue was addressed with improved memory handling.
CVE-2023-41981: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-41984: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.
Kernel
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with improved validation.
CVE-2023-40429: Michael (Biscuit) Thomas and 张师傅(@京东蓝军)
libpcap
Available for: Apple Watch Series 4 and later
Impact: A remote user may cause an unexpected app termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2023-40400: Sei K.
libxpc
Available for: Apple Watch Series 4 and later
Impact: An app may be able to delete files for which it does not have permission
Description: A permissions issue was addressed with additional restrictions.
CVE-2023-40454: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)
libxpc
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access protected user data
Description: An authorization issue was addressed with improved state management.
CVE-2023-41073: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)
libxslt
Available for: Apple Watch Series 4 and later
Impact: Processing web content may disclose sensitive information
Description: The issue was addressed with improved memory handling.
CVE-2023-40403: Dohyun Lee (@l33d0hyun) of PK Security
Maps
Available for: Apple Watch Series 4 and later
Impact: An app may be able to read sensitive location information
Description: The issue was addressed with improved handling of caches.
CVE-2023-40427: Adam M., and Wojciech Regula of SecuRing (wojciechregula.blog)
Maps
Available for: Apple Watch Series 4 and later
Impact: An app may be able to read sensitive location information
Description: A permissions issue was addressed with additional restrictions.
CVE-2023-42957: Adam M., and Ron Masas of BreakPoint Security Research
Entry added July 16, 2024
MobileStorageMounter
Available for: Apple Watch Series 4 and later
Impact: A user may be able to elevate privileges
Description: An access issue was addressed with improved access restrictions.
CVE-2023-41068: Mickey Jin (@patch1t)
Passcode
Available for: Apple Watch Ultra (all models)
Impact: An Apple Watch Ultra may not lock when using the Depth app
Description: An authentication issue was addressed with improved state management.
CVE-2023-40418: serkan Gurbuz
Photos
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access edited photos saved to a temporary directory
Description: This issue was addressed with improved data protection.
CVE-2023-42949: Kirin (@Pwnrin)
Entry added July 16, 2024
Photos Storage
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access edited photos saved to a temporary directory
Description: The issue was addressed with improved checks.
CVE-2023-40456: Kirin (@Pwnrin)
CVE-2023-40520: Kirin (@Pwnrin)
Safari
Available for: Apple Watch Series 4 and later
Impact: An app may be able to identify what other apps a user has installed
Description: The issue was addressed with improved checks.
CVE-2023-35990: Adriatik Raci of Sentry Cybersecurity
Safari
Available for: Apple Watch Series 4 and later
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: A window management issue was addressed with improved state management.
CVE-2023-40417: Narendra Bhati (twitter.com/imnarendrabhati) of Suma Soft Pvt. Ltd, Pune (India)
Entry updated January 2, 2024
Sandbox
Available for: Apple Watch Series 4 and later
Impact: An app may be able to overwrite arbitrary files
Description: The issue was addressed with improved bounds checks.
CVE-2023-40452: Yiğit Can YILMAZ (@yilmazcanyigit)
Share Sheet
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access sensitive data logged when a user shares a link
Description: A logic issue was addressed with improved checks.
CVE-2023-41070: Kirin (@Pwnrin)
Simulator
Available for: Apple Watch Series 4 and later
Impact: An app may be able to gain elevated privileges
Description: The issue was addressed with improved checks.
CVE-2023-40419: Arsenii Kostromin (0x3c3e)
StorageKit
Available for: Apple Watch Series 4 and later
Impact: An app may be able to read arbitrary files
Description: This issue was addressed with improved validation of symlinks.
CVE-2023-41968: Mickey Jin (@patch1t) and James Hutchins
TCC
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2023-40424: Arsenii Kostromin (0x3c3e), Joshua Jewett (@JoshJewett33), and Csaba Fitzl (@theevilbit) of Offensive Security
WebKit
Available for: Apple Watch Series 4 and later
Impact: Processing web content may lead to arbitrary code execution
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 249451
CVE-2023-39434: Francisco Alonso (@revskills), and Dohyun Lee (@l33d0hyun) of PK Security
WebKit Bugzilla: 258992
CVE-2023-40414: Francisco Alonso (@revskills)
Entry updated January 2, 2024
WebKit
Available for: Apple Watch Series 4 and later
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256551
CVE-2023-41074: 이준성(Junsung Lee) of Cross Republic and Jie Ding(@Lime) from HKUS3 Lab
Entry updated January 2, 2024
WebKit
Available for: Apple Watch Series 4 and later
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 239758
CVE-2023-35074: Ajou University Abysslab Dong Jun Kim(@smlijun) and Jong Seong Kim(@nevul37)
Entry updated January 2, 2024
Additional recognition
Airport
We would like to acknowledge Adam M., and Noah Roskin-Frazee and Professor Jason Lau (ZeroClicks.ai Lab) for their assistance.
Audio
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.
Bluetooth
We would like to acknowledge Jianjun Dai and Guang Gong of 360 Vulnerability Research Institute for their assistance.
Books
We would like to acknowledge Aapo Oksman of Nixu Cybersecurity for their assistance.
Control Center
We would like to acknowledge Chester van den Bogaard for their assistance.
Data Detectors UI
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal for their assistance.
Find My
We would like to acknowledge Cher Scarlett for their assistance.
Home
We would like to acknowledge Jake Derouin (jakederouin.com) for their assistance.
IOUserEthernet
We would like to acknowledge Certik Skyfall Team for their assistance.
Entry added January 2, 2024
Kernel
We would like to acknowledge Bill Marczak of The Citizen Lab at The University of Toronto's Munk School, Maddie Stone of Google's Threat Analysis Group, and 永超 王 for their assistance.
libxml2
We would like to acknowledge OSS-Fuzz, and Ned Williamson of Google Project Zero for their assistance.
libxpc
We would like to acknowledge an anonymous researcher for their assistance.
libxslt
We would like to acknowledge Dohyun Lee (@l33d0hyun) of PK Security, OSS-Fuzz, and Ned Williamson of Google Project Zero for their assistance.
NSURL
We would like to acknowledge Zhanpeng Zhao (行之) and 糖豆爸爸(@晴天组织) for their assistance.
Photos
We would like to acknowledge Anatolii Kozlov, Dawid Pałuska, Lyndon Cornelius, and Paul Lurin for their assistance.
Entry updated July 16, 2024
Photos Storage
We would like to acknowledge Wojciech Regula of SecuRing (wojciechregula.blog) for their assistance.
Power Services
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.
Shortcuts
We would like to acknowledge Alfie CG, Christian Basting of Bundesamt für Sicherheit in der Informationstechnik, Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania, Giorgos Christodoulidis, Jubaer Alnazi of TRS Group Of Companies, KRISHAN KANT DWIVEDI (@xenonx7), and Matthew Butler for their assistance.
Entry updated April 24, 2024
Software Update
We would like to acknowledge Omar Siman for their assistance.
StorageKit
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.
WebKit
We would like to acknowledge Khiem Tran, Narendra Bhati from Suma Soft Pvt. Ltd, and an anonymous researcher for their assistance.