SB20250402145 - Multiple vulnerabilities in Apple watchOS




Published: April 2, 2025 Updated: November 12, 2025

Security Bulletin ID: SB20250402145
Severity: High
Patch available: YES
Number of vulnerabilities: 52
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Critical: 2%, High: 8%, Medium: 27%, Low: 63%

Description

This security bulletin contains information about 52 security vulnerabilities.


1) Improper access control (CVE-ID: CVE-2025-30438)

The vulnerability allows a local application to bypass implemented security restrictions. 

The vulnerability exists due to improper access restrictions in Share Sheet. A local application can dismiss the system notification on the Lock Screen that a recording was started.


2) Link following (CVE-ID: CVE-2025-31182)

The vulnerability allows a local application to delete arbitrary files on the system.

The vulnerability exists due to insecure symbolic link following in libxpc. A local application can delete files on the system that it does not otherwise have access to.
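As an added illustration of the symlink-following class behind entry 2 (example code written for this bulletin, not libxpc's or Apple's code; the directory layout, file names and function names are constructed for the example), the Python below contrasts a naive delete that follows a planted directory symlink with a deletion that opens each path component with O_NOFOLLOW and removes the leaf relative to a directory descriptor:

```python
import os
import tempfile


def make_layout(root):
    """Constructed layout for the example:
    root/base/cache.txt        a file the confined app may delete
    root/base/evil -> root/secret   a directory symlink planted by the app
    root/secret/victim.txt     a file outside base that must survive"""
    base = os.path.join(root, "base")
    secret = os.path.join(root, "secret")
    os.makedirs(base)
    os.makedirs(secret)
    with open(os.path.join(base, "cache.txt"), "w") as f:
        f.write("cache")
    with open(os.path.join(secret, "victim.txt"), "w") as f:
        f.write("victim")
    os.symlink(secret, os.path.join(base, "evil"))
    return base, secret


def naive_delete(base, rel):
    """Vulnerable pattern: join and unlink. The kernel follows the directory
    symlink in 'evil/victim.txt', so the file under root/secret is removed."""
    os.unlink(os.path.join(base, rel))


def safe_delete(base, rel):
    """Hardened pattern: open each directory component with O_NOFOLLOW so a
    symlinked directory is refused (OSError), then unlink the leaf relative to
    the directory descriptor. '..' is rejected because it would climb out of base."""
    parts = [p for p in rel.split("/") if p]
    if not parts or "." in parts or ".." in parts:
        raise ValueError("invalid relative path")
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    dirfd = os.open(base, flags)
    try:
        for comp in parts[:-1]:
            nxt = os.open(comp, flags, dir_fd=dirfd)  # raises if comp is a symlink
            os.close(dirfd)
            dirfd = nxt
        # unlink(2) on a symlink leaf removes the link itself, never its target
        os.unlink(parts[-1], dir_fd=dirfd)
    finally:
        os.close(dirfd)


def demo():
    """Run both patterns against fresh copies of the layout and report outcomes."""
    out = {}
    with tempfile.TemporaryDirectory() as root:
        base, secret = make_layout(os.path.join(root, "run1"))
        victim = os.path.join(secret, "victim.txt")
        naive_delete(base, "evil/victim.txt")
        out["naive_deleted_outside_file"] = not os.path.exists(victim)

        base, secret = make_layout(os.path.join(root, "run2"))
        victim = os.path.join(secret, "victim.txt")
        try:
            safe_delete(base, "evil/victim.txt")
            out["safe_refused_symlink"] = False
        except OSError:
            out["safe_refused_symlink"] = True
        out["outside_file_survives"] = os.path.exists(victim)
        safe_delete(base, "cache.txt")
        out["safe_deleted_own_file"] = not os.path.exists(os.path.join(base, "cache.txt"))
    return out


if __name__ == "__main__":
    print(demo())
```

The descriptor walk matters because a realpath check done before the unlink can be raced: a component can be replaced by a symlink between the check and the call. Opening with O_NOFOLLOW and operating relative to the descriptor closes that window.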


3) Improper access control (CVE-ID: CVE-2025-24238)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in libxpc. A local application can gain elevated privileges.


4) Improper limitation of a pathname to a restricted directory ('path traversal') (CVE-ID: CVE-2025-30470)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to incorrect handling of path names in Maps. A local application can read sensitive location information.


5) Improper access control (CVE-ID: CVE-2025-30426)

The vulnerability allows a local application to enumerate the apps installed on the device.

The vulnerability exists due to improper access restrictions in NetworkExtension. A local application can enumerate a user's installed apps.


6) Improper access control (CVE-ID: CVE-2025-24173)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in Power Services. A local application can break out of its sandbox.


7) Spoofing attack (CVE-ID: CVE-2025-24113)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Safari. A remote attacker can trick the victim into visiting a specially crafted website and spoof the page content.


8) Spoofing attack (CVE-ID: CVE-2025-30467)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Safari. A remote attacker can trick the victim into clicking on a specially crafted URL and spoof the address bar.


9) Protection Mechanism Failure (CVE-ID: CVE-2025-24167)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a state management issue. A remote attacker can trick the victim into visiting a specially crafted website and cause a download's origin to be incorrectly associated.


10) Input validation error (CVE-ID: CVE-2025-30471)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the Security component. A remote attacker can pass specially crafted input to the system and perform a denial of service (DoS) attack.


11) Improper access control (CVE-ID: CVE-2025-30433)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Shortcuts. A local application can access files that are normally inaccessible to the Shortcuts app.


12) Use-after-free (CVE-ID: CVE-2024-56171)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the xmlSchemaIDCFillNodeTables() and xmlSchemaBubbleIDCNodeTables() functions in xmlschemas.c (libxml2). A remote attacker can pass a specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


13) Improper access control (CVE-ID: CVE-2025-31183)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Siri. A local application can access sensitive user data.


14) Information exposure (CVE-ID: CVE-2025-24217)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to excessive data output in Siri. A local application can access sensitive user data.


15) Information exposure through log files (CVE-ID: CVE-2025-24214)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to inclusion of sensitive information into a log file in Siri. A local application can access sensitive user data.


16) Memory corruption (CVE-ID: CVE-2025-24264)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into opening a specially crafted website and cause an unexpected Safari crash.


17) Memory corruption (CVE-ID: CVE-2025-24216)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into opening a specially crafted website and cause an unexpected Safari crash.


18) Type confusion (CVE-ID: CVE-2025-24213)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error. A remote attacker can trick the victim into visiting a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


19) Memory corruption (CVE-ID: CVE-2025-24209)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into opening a specially crafted website and cause an unexpected process crash.


20) Use after free (CVE-ID: CVE-2025-30427)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can trick the victim into opening a specially crafted website and cause an unexpected Safari crash.


21) Information disclosure (CVE-ID: CVE-2025-30425)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a state management issue. A remote attacker can track users in Safari private browsing mode.


22) State issues (CVE-ID: CVE-2025-24178)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a state management issue in libxpc. A local application can break out of its sandbox.


23) NULL pointer dereference (CVE-ID: CVE-2025-27113)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the xmlPatMatch() function in pattern.c (libxml2). A remote attacker can pass a specially crafted XML document to the affected application and perform a denial of service (DoS) attack.


24) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24097)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a permissions issue in AirDrop. A local application can read arbitrary file metadata.


25) Buffer overflow (CVE-ID: CVE-2025-24190)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in CoreMedia. A remote attacker can create a specially crafted MP4 file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system in the context of the WebKit GPU process.


26) Out-of-bounds read (CVE-ID: CVE-2025-24244)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the Audio component when parsing files. A remote attacker can create a specially crafted WAV file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


27) Buffer overflow (CVE-ID: CVE-2025-24243)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Audio. A remote attacker can create a specially crafted AMR file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


28) State Issues (CVE-ID: CVE-2025-30430)

The vulnerability allows an attacker to gain unauthorized access to third-party services.

The vulnerability exists in Authentication Services because passwords are autofilled even after a failed authentication. An attacker with physical access to the device can log in to a third-party application using credentials supplied by Authentication Services.


29) Security features bypass (CVE-ID: CVE-2025-24180)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists in Authentication Services due to insufficient input validation. A remote attacker can trick the victim into visiting a specially crafted website that is able to claim WebAuthn credentials from another website that shares a registrable suffix.
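The check that this class of issue gets around is RP ID validation: a WebAuthn RP ID is acceptable only if it equals the caller's effective domain or is a registrable domain suffix of it, which requires consulting the Public Suffix List. The following is an added example written for this bulletin (not WebKit's or Apple's code); the suffix table is a constructed subset of the Public Suffix List and the function names are this example's own. It shows why a bare public suffix or a sibling host under the same registrable suffix must be rejected:

```python
from urllib.parse import urlsplit

# Constructed subset of the Public Suffix List, used only for this example;
# a real implementation must consult the full, current list.
PUBLIC_SUFFIXES = {"com", "uk", "co.uk", "io", "github.io"}


def registrable_domain(host):
    """Return the eTLD+1 of host (e.g. 'example.co.uk' for 'a.b.example.co.uk'),
    or None when host is itself a public suffix or under no known suffix."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        # shortening from the full name, the first hit is the longest public suffix
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return None if i == 0 else ".".join(labels[i - 1:])
    return None


def is_valid_rp_id(origin, rp_id):
    """WebAuthn rule: rp_id must equal the caller's effective domain or be a
    registrable domain suffix of it. A public suffix such as 'github.io' is
    never a valid RP ID (otherwise one tenant could claim another tenant's
    credentials), and a sibling host never qualifies because it is not a suffix."""
    host = urlsplit(origin).hostname
    if not host:
        return False
    host = host.lower()
    rp = rp_id.lower().rstrip(".")
    if not rp or not (host == rp or host.endswith("." + rp)):
        return False  # not a suffix of the effective domain at all
    reg = registrable_domain(host)
    if reg is None:
        return False  # origin sits on a public suffix; nothing is claimable
    # a valid RP ID is the registrable domain itself or a longer name under it
    return rp == reg or rp.endswith("." + reg)


if __name__ == "__main__":
    for origin, rp in (("https://login.example.com", "example.com"),
                       ("https://login.example.com", "com"),
                       ("https://evil.github.io", "github.io"),
                       ("https://b.example.com", "a.example.com")):
        print(origin, rp, is_valid_rp_id(origin, rp))
```

The string-suffix test alone is the weak form of this check: "github.io" is a suffix of "evil.github.io" in the string sense, and only the registrable-domain step rejects it.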


30) Buffer overflow (CVE-ID: CVE-2025-24237)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in BiometricKit. A local application can trigger a buffer overflow and cause unexpected system termination.


31) Path traversal (CVE-ID: CVE-2025-30429)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to input validation error when processing filenames in Calendar. A local application can break out of its sandbox.


32) Input validation error (CVE-ID: CVE-2025-24212)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of untrusted input in Calendar. A local application can break out of its sandbox.


33) Input validation error (CVE-ID: CVE-2025-24163)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in CoreAudio. A remote attacker can trick the victim into opening a specially crafted media file and perform a denial of service (DoS) attack.


34) Out-of-bounds read (CVE-ID: CVE-2025-24230)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in CoreAudio. A remote attacker can create a specially crafted MP4 file, trick the victim into playing it, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.


35) Path traversal (CVE-ID: CVE-2025-30454)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to input validation error in CoreMedia Playback when handling file names. A local application can access private information.
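Entries 4, 31 and 35 are all file-name handling issues that let a supplied path reach outside the directory an app is confined to. As an added example (Python written for this bulletin, not Apple's code; the function name, directory layout and inputs are constructed), the check below resolves the supplied name, including '..' segments and symlinks, and accepts it only if the result still lies inside the base directory:

```python
import os
import tempfile


def resolve_in_base(base, user_path):
    """Return the absolute path of user_path confined to base, or raise ValueError.
    '..' segments and symlinks are resolved with realpath before the containment
    test, so neither 'sub/../../x' nor a planted symlink can escape."""
    base_real = os.path.realpath(base)
    if os.path.isabs(user_path):
        raise ValueError("absolute path rejected")  # join() would discard base
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError("path escapes base directory")
    return candidate


def demo():
    """Constructed layout: root/library is the confined directory,
    root/private.txt lies outside it, and root/library/link -> root."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "library")
        os.makedirs(base)
        with open(os.path.join(root, "private.txt"), "w") as f:
            f.write("secret")
        os.symlink(root, os.path.join(base, "link"))
        results = {}
        for name in ("track.m4a", "sub/../track.m4a", "../private.txt",
                     "link/private.txt", "/etc/passwd"):
            try:
                resolve_in_base(base, name)
                results[name] = "allowed"
            except ValueError:
                results[name] = "rejected"
        return results


if __name__ == "__main__":
    print(demo())
```

A realpath-then-compare test is adequate as input validation but is not race-free: a component can be swapped for a symlink between the check and the subsequent open. Where that matters, open the file with O_NOFOLLOW relative to a directory descriptor instead of trusting the earlier check.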


36) Improper access control (CVE-ID: CVE-2025-24194)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in libnetcore. A remote attacker can trick the victim into opening a specially crafted file and gain access to sensitive information.


37) Information disclosure (CVE-ID: CVE-2025-31191)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a state issue in CoreServices. A local application can access sensitive user data.


38) Out-of-bounds read (CVE-ID: CVE-2025-24182)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in CoreText when handling font files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


39) Comparison using wrong factors (CVE-ID: CVE-2024-9681)

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to an error in the HSTS cache implementation in curl. When curl is asked to use HSTS, the expiry time received for a subdomain can overwrite the parent domain's cache entry, making that entry end sooner or later than intended. This can make a website unreachable (when the parent policy outlives its intended lifetime) or let the client fall back from HTTPS to plain HTTP earlier than intended.
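As an added example that models the behaviour described (Python written for this bulletin, not curl's lib/hsts.c; the class and function names are this example's own and the scenario is constructed), the cache below keeps one entry per host and decides upgrades by exact match or by an includeSubDomains parent. With vulnerable=True the header handler locates the entry to update by that same subdomain match, so a short max-age from www.example.com rewrites the expiry of the example.com entry; the fixed path looks up the exact host only and creates a separate entry:

```python
class HstsEntry:
    def __init__(self, host, expires, include_subdomains):
        self.host = host
        self.expires = expires
        self.include_subdomains = include_subdomains


class HstsCache:
    """Minimal HSTS cache keyed by host. vulnerable=True reproduces the flawed
    lookup when storing a header; vulnerable=False is the corrected behaviour."""

    def __init__(self, vulnerable):
        self.entries = {}  # host -> HstsEntry
        self.vulnerable = vulnerable

    def _find(self, host, match_subdomains, now=None):
        """Exact entry for host, or (if match_subdomains) the nearest parent
        flagged includeSubDomains. With now given, expired entries are skipped."""
        host = host.lower()
        candidates = [host]
        if match_subdomains:
            labels = host.split(".")
            candidates += [".".join(labels[i:]) for i in range(1, len(labels))]
        for i, name in enumerate(candidates):
            e = self.entries.get(name)
            if e is None:
                continue
            if i > 0 and not e.include_subdomains:
                continue  # parent policy does not cover subdomains
            if now is not None and e.expires <= now:
                continue  # expired; a parent policy may still apply
            return e
        return None

    def parse_header(self, host, header, now):
        """Handle a Strict-Transport-Security header received from host."""
        max_age, include = None, False
        for part in header.split(";"):
            part = part.strip()
            if part.lower().startswith("max-age="):
                max_age = int(part[len("max-age="):].strip('"'))
            elif part.lower() == "includesubdomains":
                include = True
        if max_age is None:
            return  # not a usable STS header
        # Flawed lookup: subdomain matching here returns the parent's entry,
        # whose expiry is then rewritten with the subdomain's max-age.
        e = self._find(host, match_subdomains=self.vulnerable)
        if e is None:
            self.entries[host.lower()] = HstsEntry(host.lower(), now + max_age, include)
        else:
            e.expires = now + max_age

    def should_upgrade(self, host, now):
        return self._find(host, match_subdomains=True, now=now) is not None


def demo(vulnerable):
    """Constructed scenario: example.com pins itself and all subdomains for a
    year, then www.example.com answers with a 60 second policy. Returns the
    upgrade decisions 30 s and 3600 s later plus the parent entry's TTL."""
    now = 1_700_000_000
    cache = HstsCache(vulnerable)
    cache.parse_header("example.com", "max-age=31536000; includeSubDomains", now)
    cache.parse_header("www.example.com", "max-age=60", now)
    hosts = ("example.com", "www.example.com", "other.example.com")
    soon = tuple(cache.should_upgrade(h, now + 30) for h in hosts)
    later = tuple(cache.should_upgrade(h, now + 3600) for h in hosts)
    parent_ttl = cache.entries["example.com"].expires - now
    return soon, later, parent_ttl


if __name__ == "__main__":
    print("vulnerable:", demo(True))
    print("fixed:     ", demo(False))
```

In the vulnerable run the parent entry's lifetime collapses from a year to 60 seconds, after which every host under example.com is sent over plain HTTP again; in the fixed run www.example.com gets its own short entry and the parent policy keeps covering it once that entry lapses.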


40) Improper access control (CVE-ID: CVE-2025-30439)

The vulnerability allows an attacker with physical access to the system to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Focus. An attacker with physical access to the system can view sensitive user information.


41) Information exposure through log files (CVE-ID: CVE-2025-24283)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to inclusion of sensitive information into a log file in Focus. A local application can access sensitive user data.


42) Information exposure through log files (CVE-ID: CVE-2025-30447)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to inclusion of sensitive information into a log file in Foundation. A local application can access sensitive user data.


43) Out-of-bounds read (CVE-ID: CVE-2025-24210)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the CoreGraphics framework. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


44) Out-of-bounds write (CVE-ID: CVE-2025-24257)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an out-of-bounds write in IOGPUFamily. A local application can cause unexpected system termination or write kernel memory.


45) State Issues (CVE-ID: CVE-2025-30432)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to a state management error in the OS kernel. An attacker with physical access to the device and a malicious app installed on it can attempt passcode entries on the locked device and thereby cause escalating time delays after 4 failures.


46) Out-of-bounds read (CVE-ID: CVE-2024-48958)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the execute_filter_delta() function in archive_read_support_format_rar.c (libarchive). A remote attacker can create a specially crafted RAR archive, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


47) Out-of-bounds write (CVE-ID: CVE-2025-24201)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in WebKit when processing untrusted input. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds write and execute arbitrary code on the target system.

Note: this vulnerability has been exploited in the wild.


48) Input validation error (CVE-ID: CVE-2025-24251)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in AirPlay. A remote attacker on the local network can send specially crafted input to the system and perform a denial of service (DoS) attack.


49) Integer overflow (CVE-ID: CVE-2025-31203)

The vulnerability allows a remote attacker on the local network to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation in CoreUtils. A remote attacker on the local network can send specially crafted input to the system, trigger an integer overflow and perform a denial of service (DoS) attack.


50) Improper input validation (CVE-ID: CVE-2025-31196)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation in CoreGraphics. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack or potentially disclose memory contents.


51) Out-of-bounds read (CVE-ID: CVE-2025-43205)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Audio component. A local application can trigger an out-of-bounds read error and read contents of memory on the system, which can lead to ASLR bypass. 


52) Improper access control (CVE-ID: CVE-2025-24203)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in Kernel. A local application can modify protected parts of the file system.


Remediation

Install the update from the vendor's website.