This document describes the security content of watchOS 11.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Released September 16, 2024
Available for: Apple Watch Series 6 and later
Impact: An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features
Description: This issue was addressed through improved state management.
CVE-2024-44171: Jake Derouin (jakederouin.com)
Entry updated March 3, 2025
Available for: Apple Watch Series 6 and later
Impact: An app may be able to access user-sensitive data
Description: A file access issue was addressed with improved input validation.
CVE-2024-40850: Denis Tokarev (@illusionofcha0s)
Available for: Apple Watch Series 6 and later
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: An out-of-bounds read issue was addressed with improved input validation.
CVE-2024-27880: Junsung Lee
Available for: Apple Watch Series 6 and later
Impact: Processing an image may lead to a denial-of-service
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero Day Initiative, an anonymous researcher
Available for: Apple Watch Series 6 and later
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2024-44169: Antonio Zekić
Available for: Apple Watch Series 6 and later
Impact: An app may gain unauthorized access to Bluetooth
Description: This issue was addressed through improved state management.
CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven (@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef
Available for: Apple Watch Series 6 and later
Impact: A malicious app may be able to modify other apps without having App Management permission
Description: A logic issue was addressed with improved checks.
CVE-2024-54560: Kirin (@Pwnrin), Jeff Johnson (underpassapp.com)
Entry added March 3, 2025
Available for: Apple Watch Series 6 and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: An integer overflow was addressed through improved input validation.
CVE-2024-44198: OSS-Fuzz, Ned Williamson of Google Project Zero
Available for: Apple Watch Series 6 and later
Impact: An app may be able to cause a denial-of-service
Description: A logic error was addressed with improved error handling.
CVE-2024-44183: Olivier Levon
Available for: Apple Watch Series 6 and later
Impact: Maliciously crafted web content may violate iframe sandboxing policy
Description: A custom URL scheme handling issue was addressed with improved input validation.
CVE-2024-44155: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India)
Entry added October 28, 2024
Available for: Apple Watch Series 6 and later
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: A buffer overflow was addressed with improved size validation.
CVE-2024-44144: 냥냥
Entry added October 28, 2024
Available for: Apple Watch Series 6 and later
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed by moving sensitive data to a more secure location.
CVE-2024-44170: K宝, LFY (@secsys), Smi1e, yulige, Cristian Dinca (icmd.tech), Rodolphe BRUNETTI (@eisw0lf)
Available for: Apple Watch Series 6 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A cookie management issue was addressed with improved state management.
WebKit Bugzilla: 287874
CVE-2024-54467: Narendra Bhati, Manager of Cyber Security At Suma Soft Pvt. Ltd, Pune (India)
Entry added March 3, 2025
Available for: Apple Watch Series 6 and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 268770
CVE-2024-44192: Tashita Software Security
Entry added March 3, 2025
Available for: Apple Watch Series 6 and later
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 268724
CVE-2024-40857: Ron Masas
Available for: Apple Watch Series 6 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins.
WebKit Bugzilla: 279452
CVE-2024-44187: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India)
We would like to acknowledge Pietro Francesco Tirenna, Davide Silvetti, Abdel Adim Oisfi of Shielder (shielder.com) for their assistance.
Entry added March 3, 2025
We would like to acknowledge Braxton Anderson, Fakhri Zulkifli (@d0lph1n98) of PixiePoint Security for their assistance.
We would like to acknowledge Kirin (@Pwnrin) for their assistance.
We would like to acknowledge Junior Vergara for their assistance.
Entry added March 3, 2025
We would like to acknowledge Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania, Jacob Braun, an anonymous researcher for their assistance.
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India, Rohan Paudel, an anonymous researcher for their assistance.
Entry updated October 28, 2024
We would like to acknowledge Lisa B for their assistance.
We would like to acknowledge Avi Lumelsky of Oligo Security, Uri Katz of Oligo Security, Eli Grey (eligrey.com), Johan Carlsson (joaxcar) for their assistance.
Entry updated October 28, 2024