CVE-2024-27814: A person with physical access to a device may be able to view contact information from the lock screen in Apple watchOS
CVE-2024-27814 is a low-severity vulnerability in Apple watchOS that could allow a person with physical access to the device to view contact information from the lock screen. The issue was addressed through improved state management and is fixed in watchOS 10. 5. This vulnerability does not allow remote exploitation and requires physical access to the device. The CVSS score is 2. 4, reflecting limited impact confined to information disclosure without integrity or availability effects.
AI Analysis
Technical Summary
This vulnerability in Apple watchOS (CVE-2024-27814) allows an attacker with physical access to view contact information from the lock screen due to insufficient state management. The issue was resolved by Apple in watchOS 10.5 through improved state management to prevent unauthorized access to contact data when the device is locked. The CVSS 3.1 vector indicates local attack vector with low complexity and no privileges or user interaction required, resulting in limited confidentiality impact only.
Potential Impact
An attacker with physical access to an affected Apple Watch device could view contact information from the lock screen without authentication. There is no impact on integrity or availability, and no remote exploitation is possible. The confidentiality impact is limited to contact information exposure. The vulnerability is rated low severity with a CVSS score of 2.4.
Mitigation Recommendations
This vulnerability is fixed in watchOS 10.5. Users and administrators should ensure that Apple Watch devices are updated to watchOS 10.5 or later to remediate this issue. No additional mitigation steps are required as the vendor has provided an official fix.
CVE-2024-27814: A person with physical access to a device may be able to view contact information from the lock screen in Apple watchOS
Description
CVE-2024-27814 is a low-severity vulnerability in Apple watchOS that could allow a person with physical access to the device to view contact information from the lock screen. The issue was addressed through improved state management and is fixed in watchOS 10. 5. This vulnerability does not allow remote exploitation and requires physical access to the device. The CVSS score is 2. 4, reflecting limited impact confined to information disclosure without integrity or availability effects.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Apple watchOS (CVE-2024-27814) allows an attacker with physical access to view contact information from the lock screen due to insufficient state management. The issue was resolved by Apple in watchOS 10.5 through improved state management to prevent unauthorized access to contact data when the device is locked. The CVSS 3.1 vector indicates local attack vector with low complexity and no privileges or user interaction required, resulting in limited confidentiality impact only.
Potential Impact
An attacker with physical access to an affected Apple Watch device could view contact information from the lock screen without authentication. There is no impact on integrity or availability, and no remote exploitation is possible. The confidentiality impact is limited to contact information exposure. The vulnerability is rated low severity with a CVSS score of 2.4.
Mitigation Recommendations
This vulnerability is fixed in watchOS 10.5. Users and administrators should ensure that Apple Watch devices are updated to watchOS 10.5 or later to remediate this issue. No additional mitigation steps are required as the vendor has provided an official fix.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2024-02-26T15:32:28.520Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69ceb821e6bfc5ba1df6e637
Added to database: 4/2/2026, 6:40:33 PM
Last enriched: 4/9/2026, 11:13:33 PM
Last updated: 5/20/2026, 8:57:22 PM
Views: 18
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.