About the security content of watchOS 11

This document describes the security content of watchOS 11.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

watchOS 11

Accessibility

Available for: Apple Watch Series 6 and later

Impact: An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features

Description: This issue was addressed through improved state management.

CVE-2024-44171: Jake Derouin

Game Center

Available for: Apple Watch Series 6 and later

Impact: An app may be able to access user-sensitive data

Description: A file access issue was addressed with improved input validation.

CVE-2024-40850: Denis Tokarev (@illusionofcha0s)

ImageIO

Available for: Apple Watch Series 6 and later

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2024-27880: Junsung Lee

ImageIO

Available for: Apple Watch Series 6 and later

Impact: Processing an image may lead to a denial-of-service

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero Day Initiative, an anonymous researcher

IOSurfaceAccelerator

Available for: Apple Watch Series 6 and later

Impact: An app may be able to cause unexpected system termination

Description: The issue was addressed with improved memory handling.

CVE-2024-44169: Antonio Zekić

Kernel

Available for: Apple Watch Series 6 and later

Impact: An app may gain unauthorized access to Bluetooth

Description: This issue was addressed through improved state management.

CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven (@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef

libxml2

Available for: Apple Watch Series 6 and later

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: An integer overflow was addressed through improved input validation.

CVE-2024-44198: OSS-Fuzz, Ned Williamson of Google Project Zero

mDNSResponder

Available for: Apple Watch Series 6 and later

Impact: An app may be able to cause a denial-of-service

Description: A logic error was addressed with improved error handling.

CVE-2024-44183: Olivier Levon

Safari

Available for: Apple Watch Series 6 and later

Impact: Maliciously crafted web content may violate iframe sandboxing policy

Description: A custom URL scheme handling issue was addressed with improved input validation.

CVE-2024-44155: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India)

SceneKit

Available for: Apple Watch Series 6 and later

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: A buffer overflow was addressed with improved size validation.

CVE-2024-44144: 냥냥

Siri

Available for: Apple Watch Series 6 and later

Impact: An app may be able to access user-sensitive data

Description: A privacy issue was addressed by moving sensitive data to a more secure location.

CVE-2024-44170: K宝, LFY (@secsys), Smi1e, yulige, Cristian Dinca (icmd.tech), Rodolphe BRUNETTI (@eisw0lf)

WebKit

Available for: Apple Watch Series 6 and later

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: This issue was addressed through improved state management.

CVE-2024-40857: Ron Masas

WebKit

Available for: Apple Watch Series 6 and later

Impact: A malicious website may exfiltrate data cross-origin

Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins.

CVE-2024-44187: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India)

Additional recognition

Kernel

We would like to acknowledge Braxton Anderson, Fakhri Zulkifli (@d0lph1n98) of PixiePoint Security for their assistance.

Maps

We would like to acknowledge Kirin (@Pwnrin) for their assistance.

Shortcuts

We would like to acknowledge Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania, Jacob Braun, an anonymous researcher for their assistance.

Siri

We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India, Rohan Paudel, an anonymous researcher for their assistance.

Voice Memos

We would like to acknowledge Lisa B for their assistance.

WebKit

We would like to acknowledge Avi Lumelsky of Oligo Security, Uri Katz of Oligo Security, Eli Grey (eligrey.com), Johan Carlsson (joaxcar) for their assistance.