About the security content of watchOS 8.7

This document describes the security content of watchOS 8.7.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

watchOS 8.7

APFS

Available for: Apple Watch Series 3 and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32832: Tommy Muir (@Muirey03)

AppleAVD

Available for: Apple Watch Series 3 and later

Impact: A remote user may be able to cause kernel code execution

Description: A buffer overflow issue was addressed with improved bounds checking.

CVE-2022-32788: Natalie Silvanovich of Google Project Zero

AppleAVD

Available for: Apple Watch Series 3 and later

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)

AppleMobileFileIntegrity

Available for: Apple Watch Series 3 and later

Impact: An app may be able to gain root privileges

Description: An authorization issue was addressed with improved state management.

CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

Apple Neural Engine

Available for devices with Apple Neural Engine: Apple Watch Series 4 and later

Impact: An app may be able to break out of its sandbox

Description: This issue was addressed with improved checks.

CVE-2022-32845: Mohamed Ghannam (@_simo36)

Apple Neural Engine

Available for devices with Apple Neural Engine: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: This issue was addressed with improved checks.

CVE-2022-32840: Mohamed Ghannam (@_simo36)

Apple Neural Engine

Available for devices with Apple Neural Engine: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32810: Mohamed Ghannam (@_simo36)

Audio

Available for: Apple Watch Series 3 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-32820: an anonymous researcher

Audio

Available for: Apple Watch Series 3 and later

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32825: John Aakerblom (@jaakerblom)

CoreText

Available for: Apple Watch Series 3 and later

Impact: A remote user may cause an unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved bounds checks.

CVE-2022-32839: STAR Labs (@starlabs_sg)

File System Events

Available for: Apple Watch Series 3 and later

Impact: An app may be able to gain root privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-32819: Joshua Mason of Mandiant

GPU Drivers

Available for: Apple Watch Series 3 and later

Impact: An app may be able to disclose kernel memory

Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.

CVE-2022-32793: an anonymous researcher

GPU Drivers

Available for: Apple Watch Series 3 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-32821: John Aakerblom (@jaakerblom)

ICU

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

ImageIO

Available for: Apple Watch Series 3 and later

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32841: hjy79425575

JavaScriptCore

Available for: Apple Watch Series 3 and later

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved bounds checks.

CVE-2022-48503: Dongzhuo Zhao working with ADLab of Venustech, and ZhaoHai of Cyberpeace Tech Co., Ltd.

Kernel

Available for: Apple Watch Series 3 and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32813: Xinru Chi of Pangu Lab

CVE-2022-32815: Xinru Chi of Pangu Lab

Kernel

Available for: Apple Watch Series 3 and later

Impact: An app may be able to disclose kernel memory

Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-32817: Xinru Chi of Pangu Lab

Kernel

Available for: Apple Watch Series 3 and later

Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication

Description: A logic issue was addressed with improved state management.

CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)

Liblouis

Available for: Apple Watch Series 3 and later

Impact: An app may cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)

libxml2

Available for: Apple Watch Series 3 and later

Impact: An app may be able to leak sensitive user information

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2022-32823

Multi-Touch

Available for: Apple Watch Series 3 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A type confusion issue was addressed with improved checks.

CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

Multi-Touch

Available for: Apple Watch Series 3 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A type confusion issue was addressed with improved state handling.

CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

Software Update

Available for: Apple Watch Series 3 and later

Impact: A user in a privileged network position can track a user’s activity

Description: This issue was addressed by using HTTPS when sending information over the network.

CVE-2022-32857: Jeffrey Paul (sneak.berlin)

WebKit

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-32863: P1umer(@p1umer), afang(@afang5472), and xmzyshypnc(@xmzyshypnc1)

WebKit

Available for: Apple Watch Series 3 and later

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: The issue was addressed with improved UI handling.

CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

WebKit

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative

Wi-Fi

Available for: Apple Watch Series 3 and later

Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory

Description: This issue was addressed with improved checks.

CVE-2022-32847: Wang Yu of Cyberserval

Additional recognition

AppleMobileFileIntegrity

We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

configd

We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.