
Rewterz Threat Advisory – Multiple Apple watchOS Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-40413 CVSS:5.5

Apple watchOS could allow a local attacker to obtain sensitive information, caused by an issue in the Find My component. By using a specially crafted application, an attacker could exploit this vulnerability to read sensitive location information.

CVE-2023-42849 CVSS:5.5

Apple watchOS could allow a local attacker to bypass security restrictions, caused by an issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to bypass kernel memory mitigations.

CVE-2023-40408 CVSS:5.5

Apple watchOS could allow a local attacker to bypass security restrictions, caused by an inconsistent user interface issue in the Mail Drafts component. By using a specially crafted application, an attacker could exploit this vulnerability to deactivate Hide My Email unexpectedly.

CVE-2023-42846 CVSS:5.5

Apple watchOS could allow a local attacker to bypass security restrictions, caused by an issue in the mDNSResponder component. By using a specially crafted application, an attacker could exploit this vulnerability to passively track a device by its Wi-Fi MAC address.

CVE-2023-41982 CVSS:5.5

Apple watchOS could allow a local attacker to obtain sensitive information, caused by an issue in the Siri component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.

CVE-2023-41997 CVSS:5.5

Apple watchOS could allow a local attacker to obtain sensitive information, caused by an issue in the Siri component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.

CVE-2023-41988 CVSS:5.5

Apple watchOS could allow a local attacker to obtain sensitive information, caused by an issue in the Siri component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.

CVE-2023-41254 CVSS:5.5

Apple watchOS could allow a local attacker to obtain sensitive information, caused by a privacy issue in the Weather component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.

Impact

  • Security Bypass
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-40413
  • CVE-2023-42849
  • CVE-2023-40408
  • CVE-2023-42846
  • CVE-2023-41982
  • CVE-2023-41997
  • CVE-2023-41988
  • CVE-2023-41254

Affected Vendors

Apple

Affected Products

  • Apple watchOS 10.0.0

Remediation

Refer to the Apple Security Advisory for patch, upgrade, or suggested workaround information.

Apple Security Advisory