October 13, 2024 at 02:30PM
Apple has released updates for watchOS 11 addressing various security vulnerabilities, including issues related to state management, out-of-bounds access, and cross-origin problems. These vulnerabilities may allow unauthorized access, app termination, and denial-of-service. Updates are available for Apple Watch Series 6 and later devices.
**Meeting Takeaways: Security Updates for watchOS 11**
**Release Date:** September 16, 2024
**Affected Product:** About the security content of watchOS 11
**Update Availability:** For Apple Watch Series 6 and later
### CVE Summary:
1. **CVE-2024-44171**
– **Description:** Improved state management.
– **Impact:** Physical access to a locked device may allow control of nearby devices via accessibility features.
2. **CVE-2024-40850 / CVE-2024-27880**
– **Description:** Out-of-bounds read issue addressed with improved input validation.
– **Impact:** Processing a maliciously crafted file may lead to unexpected app termination.
3. **CVE-2024-44176**
– **Description:** Out-of-bounds access issue rectified with improved bounds checking.
– **Impact:** Processing an image may cause a denial-of-service.
4. **CVE-2024-44169 / CVE-2024-44187**
– **Description:** Cross-origin issue with “iframe” elements addressed by improving security origin tracking.
– **Impact:** A malicious website may exfiltrate data cross-origin.
5. **CVE-2024-44191**
– **Description:** Enhanced state management measures implemented.
– **Impact:** Unauthorized Bluetooth access for an app.
6. **CVE-2024-44198**
– **Description:** Integer overflow addressed with improved input validation.
– **Impact:** Processing malicious web content may lead to unexpected process crashes.
7. **CVE-2024-44183**
– **Description:** Logic error corrected through better error handling.
– **Impact:** Potential denial-of-service caused by an app.
8. **CVE-2024-44170 / CVE-2024-40857**
– **Description:** Improved state management.
– **Impact:** Processing malicious web content may lead to universal cross-site scripting.
### Conclusion:
These updates target various vulnerabilities in watchOS 11, enhancing security through improved state management, bounds checking, and input validation among other measures. All updates are applicable for Apple Watch Series 6 and later models.