APPLE-SA-11-03-2025-6 watchOS 26.1

[Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-11-03-2025-6 watchOS 26.1

watchOS 26.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125639.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Account
Available for: Apple Watch Series 6 and later
Impact: A malicious app may be able to take a screenshot of sensitive
information in embedded views
Description: A privacy issue was addressed with improved checks.
CVE-2025-43455: Ron Masas of BreakPoint.SH, Pinak Oza

Apple Neural Engine
Available for: Apple Watch Series 9 and later, Apple Watch SE 2nd
generation, Apple Watch Ultra (all models)
Impact: An app may be able to cause unexpected system termination or
corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-43447: an anonymous researcher
CVE-2025-43462: an anonymous researcher

AppleMobileFileIntegrity
Available for: Apple Watch Series 6 and later
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-43379: Gergely Kalman (@gergely_kalman)

CloudKit
Available for: Apple Watch Series 6 and later
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-43448: Hikerell (Loadshine Lab)

CoreServices
Available for: Apple Watch Series 6 and later
Impact: An app may be able to enumerate a user's installed apps
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43436: Zhongcheng Li from IES Red Team of ByteDance

CoreText
Available for: Apple Watch Series 6 and later
Impact: Processing a maliciously crafted media file may lead to
unexpected app termination or corrupt process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2025-43445: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative

Find My
Available for: Apple Watch Series 6 and later
Impact: An app may be able to fingerprint the user
Description: A privacy issue was addressed by moving sensitive data.
CVE-2025-43507: iisBuri

FontParser
Available for: Apple Watch Series 6 and later
Impact: Processing a maliciously crafted font may lead to unexpected app
termination or corrupt process memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2025-43400: Apple

Installer
Available for: Apple Watch Series 6 and later
Impact: An app may be able to fingerprint the user
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43444: Zhongcheng Li from IES Red Team of ByteDance

Kernel
Available for: Apple Watch Series 6 and later
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2025-43398: Cristian Dinca (icmd.tech)

libxpc
Available for: Apple Watch Series 6 and later
Impact: A sandboxed app may be able to observe system-wide network
connections
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2025-43413: Dave G. and Alex Radocea of supernetworks.org

Mail Drafts
Available for: Apple Watch Series 6 and later
Impact: Remote content may be loaded even when the 'Load Remote Images'
setting is turned off
Description: The issue was addressed by adding additional logic.
CVE-2025-43496: Romain Lebesle, Himanshu Bharti @Xpl0itme From Khatima

MallocStackLogging
Available for: Apple Watch Series 6 and later
Impact: An app may be able to access sensitive user data
Description: An issue existed in the handling of environment variables.
This issue was addressed with improved validation.
CVE-2025-43294: Gergely Kalman (@gergely_kalman)

Phone
Available for: Apple Watch Series 6 and later
Impact: An attacker with physical access to a locked Apple Watch may be
able to view Live Voicemail
Description: An authentication issue was addressed with improved state
management.
CVE-2025-43459: Dalibor Milanovic

Safari
Available for: Apple Watch Series 6 and later
Impact: Visiting a malicious website may lead to user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2025-43503: @RenwaX23

Sandbox Profiles
Available for: Apple Watch Series 6 and later
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved handling of
user preferences.
CVE-2025-43500: Stanislav Jelezoglo

WebKit
Available for: Apple Watch Series 6 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 276208
CVE-2025-43480: Aleksejs Popovs

WebKit
Available for: Apple Watch Series 6 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 296693
CVE-2025-43458: Phil Beauvoir
WebKit Bugzilla: 298196
CVE-2025-43430: Google Big Sleep

WebKit
Available for: Apple Watch Series 6 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: This issue was addressed with improved checks.
WebKit Bugzilla: 299843
CVE-2025-43443: an anonymous researcher

WebKit
Available for: Apple Watch Series 6 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: This issue was addressed with improved checks
WebKit Bugzilla: 298126
CVE-2025-43440: Nan Wang (@eternalsakura13)

WebKit
Available for: Apple Watch Series 6 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A use-after-free issue was addressed with improved memory
management.
WebKit Bugzilla: 297662
CVE-2025-43438: shandikri working with Trend Micro Zero Day Initiative
WebKit Bugzilla: 298606
CVE-2025-43457: Gary Kwong, Hossein Lotfi (@hosselot) of Trend Micro
Zero Day Initiative
WebKit Bugzilla: 297958
CVE-2025-43434: Google Big Sleep

WebKit
Available for: Apple Watch Series 6 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 299391
CVE-2025-43435: Justin Cohen of Google
WebKit Bugzilla: 298851
CVE-2025-43425: an anonymous researcher

WebKit
Available for: Apple Watch Series 6 and later
Impact: Processing maliciously crafted web content may lead to memory
corruption
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 298093
CVE-2025-43433: Google Big Sleep
WebKit Bugzilla: 298194
CVE-2025-43431: Google Big Sleep

WebKit
Available for: Apple Watch Series 6 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: A use-after-free issue was addressed with improved memory
management.
WebKit Bugzilla: 299313
CVE-2025-43432: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative

WebKit
Available for: Apple Watch Series 6 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: A buffer overflow was addressed with improved bounds
checking.
WebKit Bugzilla: 298232
CVE-2025-43429: Google Big Sleep

WebKit Canvas
Available for: Apple Watch Series 6 and later
Impact: A website may exfiltrate image data cross-origin
Description: The issue was addressed with improved handling of caches.
WebKit Bugzilla: 297566
CVE-2025-43392: Tom Van Goethem

Additional recognition

Mail
We would like to acknowledge an anonymous researcher for their
assistance.

MobileInstallation
We would like to acknowledge Bubble Zhang for their assistance.

Safari
We would like to acknowledge Barath Stalin K for their assistance.

Shortcuts
We would like to acknowledge BanKai, Benjamin Hornbeck, Chi Yuan Chang
of ZUSO ART and taikosoup, Ryan May, Andrew James Gonzalez, an anonymous
researcher for their assistance.

WebKit
We would like to acknowledge Enis Maholli (enismaholli.com), Google Big
Sleep for their assistance.

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEhjkl+zMLNwFiCT1o4Ifiq8DH7PUFAmkJTbMACgkQ4Ifiq8DH
7PVNnw//R8/g1fK0QkQIRvfM7afOv6QfMb+T5SxoluCXz624y9zbc6K/vV5Pg+td
KKw42K4up1u/eoJSfrc1PhHcoHSNDqiq3XXR0A797xp5vgsEM4uCQfln8MBzrxnB
g0dSaMr3zGRZ/0RJj3ASxJf7Ks/h085eMjl8jZQ6KmIRKedMe1DcVGGtaImN+Kcy
S4lBymT9nctLnkSKMB7AhHHD4xNvBI7jaVW6BmhSobDZ1DNPQM95XEtRakZvsZeH
T6xC88A+0WRrZlmW7+ull7s/J6ICA540j53w+uftMRwb0sCLRy/Ws6JqiAltoUlg
7N0qNtYj5h0mL8JswCryZqwryGaEBX/jrfJGH3nki67RKcDYw8drZfoogq0u9FbZ
dLJgIW7mu3uqHccjr+J9n1IwaovKPSAMGAoGB6G9/XLEPVxE/6qv+OH1aQXqLSfi
wjJPQlZFwed5pKLT8PD0HrMUMUCqzx56H8XdiyzitYGNXx8v5CV9YKyOnMg9cfEm
Xu6mtYuckV/mZCFBbSHvZR0QSyIL27XWjWPr5ZYUqa0ItKZUyWdSUm2GJI2Entap
aCFed16BokJuKCNwX455dY8VnyqtliYMnpuMzNbVhckkNovZ5nJYTLuCrdX17xc8
VhDcyawQdKW8geVFc535/Ik+sTbnYnmx+PCq73CEdiTXECTthCw=
=KXSN
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/