
Rewterz Threat Advisory – Multiple Apple watchOS Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-42899 CVSS:8.8

An issue in the ImageIO component of Apple watchOS could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to view a specially crafted image, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2023-42914 CVSS:5.5

An issue in the Kernel component of Apple watchOS could allow a local attacker to bypass security restrictions. By using a specially crafted application, an attacker could exploit this vulnerability to break out of its sandbox.

CVE-2023-42919 CVSS:5.5

A privacy issue in the Accounts component of Apple watchOS could allow a local attacker to obtain sensitive information. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.

Impact

  • Code Execution
  • Security Bypass
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-42899
  • CVE-2023-42914
  • CVE-2023-42919

Affected Vendors

Apple

Affected Products

  • Apple watchOS 10.1
  • Apple iOS 16.7.2
  • Apple iPadOS 16.7.2

Remediation

Refer to the Apple security document for patch, upgrade, or suggested workaround information.

Apple security document