watchOS 2

• Apple Pay
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment
  Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality.
  CVE-ID
  CVE-2015-5916
  

• Audio
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: Playing a malicious audio file may lead to an unexpected application termination
  Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling.
  CVE-ID
  CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea
  

• Certificate Trust Policy
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: Update to the certificate trust policy
  Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/kb/HT204873.
  

• CFNetwork
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: An attacker with a privileged network position may intercept SSL/TLS connections
  Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation.
  CVE-ID
  CVE-2015-5824 : Timothy J. Wood of The Omni Group
  

• CFNetwork
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: Connecting to a malicious web proxy may set malicious cookies for a website
  Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response.
  CVE-ID
  CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
  

• CFNetwork
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: An attacker in a privileged network position can track a user's activity
  Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was addressed through improved restrictions of cookie creation.
  CVE-ID
  CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
  

• CFNetwork
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A person with physical access to an iOS device may read cache data from Apple apps
  Description: Cache data was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the cache data with a key protected by the hardware UID and the user's passcode.
  CVE-ID
  CVE-2015-5898 : Andreas Kurtz of NESO Security Labs
  

• CoreCrypto
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: An attacker may be able to determine a private key
  Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.
  

• CoreText
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
  Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
  CVE-ID
  CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
  

• Data Detectors Engine
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: Processing a maliciously crafted text file may lead to arbitrary code execution
  Description: Memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking.
  CVE-ID
  CVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org)
  

• Dev Tools
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A malicious application may be able to execute arbitrary code with system privileges
  Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling.
  CVE-ID
  CVE-2015-5876 : beist of grayhash
  

• Disk Images
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A local user may be able to execute arbitrary code with system privileges
  Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling.
  CVE-ID
  CVE-2015-5847 : Filippo Bigarella, Luca Todesco
  

• dyld
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: An application may be able to bypass code signing
  Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking.
  CVE-ID
  CVE-2015-5839 : @PanguTeam, TaiG Jailbreak Team
  

• GasGauge
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A local user may be able to execute arbitrary code with kernel privileges
  Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling.
  CVE-ID
  CVE-2015-5918 : Apple
  CVE-2015-5919 : Apple
  

• ICU
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: Multiple vulnerabilities in ICU
  Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1.
  CVE-ID
  CVE-2014-8146
  CVE-2015-1205
  

• IOAcceleratorFamily
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A malicious application may be able to determine kernel memory layout
  Description: An issue existed that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking.
  CVE-ID
  CVE-2015-5834 : Cererdlong of Alibaba Mobile Security Team
  

• IOAcceleratorFamily
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A local user may be able to execute arbitrary code with system privileges
  Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling.
  CVE-ID
  CVE-2015-5848 : Filippo Bigarella
  

• IOKit
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A malicious application may be able to execute arbitrary code with system privileges
  Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
  CVE-ID
  CVE-2015-5844 : Filippo Bigarella
  CVE-2015-5845 : Filippo Bigarella
  CVE-2015-5846 : Filippo Bigarella
  

• IOMobileFrameBuffer
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A local user may be able to execute arbitrary code with system privileges
  Description: A memory corruption issue existed in IOMobileFrameBuffer. This issue was addressed through improved memory handling.
  CVE-ID
  CVE-2015-5843 : Filippo Bigarella
  

• IOStorageFamily
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A local attacker may be able to read kernel memory
  Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling.
  CVE-ID
  CVE-2015-5863 : Ilja van Sprundel of IOActive
  

• Kernel
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A local user may be able to execute arbitrary code with kernel privileges
  Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
  CVE-ID
  CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team
  CVE-2015-5896 : Maxime Villard of m00nbsd
  CVE-2015-5903 : CESG
  

• Kernel
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A local attacker may control the value of stack cookies
  Description: Multiple weaknesses existed in the generation of user space stack cookies. This was addressed through improved generation of stack cookies.
  CVE-ID
  CVE-2013-3951 : Stefan Esser
  

• Kernel
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A local process can modify other processes without entitlement checks
  Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through added entitlement checks.
  CVE-ID
  CVE-2015-5882 : Pedro Vilaça, working from original research by Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin
  

• Kernel
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: An attacker in a local LAN segment may disable IPv6 routing
  Description: An insufficient validation issue existed in handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit.
  CVE-ID
  CVE-2015-5869 : Dennis Spindel Ljungmark
  

• Kernel
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A local user may be able to determine kernel memory layout
  Description: An issue existed in XNU that led to the disclosure of kernel memory. This was addressed through improved initialization of kernel memory structures.
  CVE-ID
  CVE-2015-5842 : beist of grayhash
  

• Kernel
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A local user may be able to cause a system denial of service
  Description: An issue existed in HFS drive mounting. This was addressed by additional validation checks.
  CVE-ID
  CVE-2015-5748 : Maxime Villard of m00nbsd
  

• libpthread
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A local user may be able to execute arbitrary code with kernel privileges
  Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
  CVE-ID
  CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team
  

• PluginKit
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: A malicious enterprise application can install extensions before the application has been trusted
  Description: An issue existed in the validation of extensions during installation. This was addressed through improved app verification.
  CVE-ID
  CVE-2015-5837 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc.
  

• removefile
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: Processing malicious data may lead to unexpected application termination
  Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines.
  CVE-ID
  CVE-2015-5840 : an anonymous researcher
  

• SQLite
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: Multiple vulnerabilities in SQLite v3.8.5
  Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2.
  CVE-ID
  CVE-2015-5895
  

• tidy
  Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
  Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
  Description: A memory corruption issue existed in Tidy. This issues was addressed through improved memory handling.
  
  CVE-ID
  
  CVE-2015-5522 : Fernando Muñoz of NULLGroup.com
  
  CVE-2015-5523 : Fernando Muñoz of NULLGroup.com