About the security content of watchOS 11.1 – Apple Support

About the security content of watchOS 11.1 - Apple Support

October 28, 2024 at 12:06PM

A security update for watchOS 11.1, available for Apple Watch Series 6 and later, addresses multiple vulnerabilities including authentication issues, memory corruption, and sensitive data exposure. Improvements include enhanced checks, memory management, and input validation to prevent unauthorized access and system crashes. Release date is October 28, 2024.

### Meeting Takeaways:

**Release Information:**
– **Apple ID:** 121565
– **Release Date:** October 28, 2024
– **Affected Product:** Security content of watchOS 11.1
– **Update Availability:** For Apple Watch Series 6 and later

**Security Issues Addressed:**

1. **CVE-2024-44274**
– **Description:** Improved authentication
– **Impact:** Physical access to a locked device may reveal sensitive user information.

2. **CVE-2024-44255**
– **Description:** Enhanced path handling logic
– **Impact:** Malicious apps can run shortcuts without user consent.

3. **CVE-2024-44273**
– **Description:** Improved handling of symlinks
– **Impact:** Malicious apps may access private information.

4. **CVE-2024-44240 / CVE-2024-44302**
– **Description:** Enhanced checks
– **Impact:** Maliciously crafted fonts can disclose process memory.

5. **CVE-2024-44282 / CVE-2024-44215**
– **Description:** Improved checks
– **Impact:** Processing images may lead to process memory disclosure.

6. **CVE-2024-44297**
– **Description:** Improved bounds checks
– **Impact:** Malicious messages can lead to denial-of-service.

7. **CVE-2024-44285**
– **Description:** Improved memory management for use-after-free issue
– **Impact:** Apps may cause unexpected system termination or corrupt memory.

8. **CVE-2024-44239 / CVE-2024-44254 / CVE-2024-44269 / CVE-2024-44194**
– **Description:** Enhanced redaction of sensitive information
– **Impact:** Apps could potentially access sensitive user data.

9. **CVE-2024-44278 / CVE-2024-44296**
– **Description:** Improved checks for web content
– **Impact:** Malicious web content may not enforce Content Security Policy.

10. **CVE-2024-44244**
– **Description:** Improved input validation for memory corruption issue
– **Impact:** Malicious web content may cause unexpected process crashes.

### Summary:
The update addresses multiple security vulnerabilities in watchOS 11.1, particularly for physical access threats, unauthorized app activities, and potential memory disclosures, all needing immediate attention from users of Apple Watch Series 6 and later.

Full Article