Vulnerability Description
An authentication issue was addressed with improved state management. This issue is fixed in watchOS 10. An Apple Watch Ultra may not lock when using the Depth app.
CVSS Score
5.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | watchOS | < 10.0 |
| Apple | Watch Ultra | - |
| Apple | Watch Ultra 2 | - |
References
- http://seclists.org/fulldisclosure/2023/Oct/9 (Mailing List, Third Party Advisory)
- https://support.apple.com/en-us/HT213937 (Release Notes, Vendor Advisory)
- https://support.apple.com/kb/HT213937
FAQ
What is CVE-2023-40418?
CVE-2023-40418 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An authentication issue was addressed with improved state management. This issue is fixed in watchOS 10. An Apple Watch Ultra may not lock when using the Depth app.
How severe is CVE-2023-40418?
CVE-2023-40418 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-40418?
Check the references section above for vendor advisories and patch information. Affected products include: Apple watchOS, Apple Watch Ultra, Apple Watch Ultra 2.