PatchSiren

CVE-2017-2352 Apple CVE debrief

CVE-2017-2352 is a Medium-severity Apple issue affecting the Apple Watch "Unlock with iPhone" path. According to the supplied record, the flaw can bypass the Watch’s wrist-presence protection and allow the device to be unlocked through unspecified vectors. The record’s CVSS 3.0 vector indicates a physically proximate, low-complexity attack with high integrity impact and no direct confidentiality or availability impact.

Vendor: Apple
Product: CVE-2017-2352
CVSS: MEDIUM 4.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-20
Original CVE updated: 2026-05-13
Advisory published: 2017-02-20
Advisory updated: 2026-05-13

Who should care

Users and administrators who manage paired iPhone and Apple Watch devices, especially in environments that rely on Watch unlock functionality and still have any devices on the affected iOS/watchOS releases.

Technical summary

The vulnerability sits in the Watch "Unlock with iPhone" component and weakens the wrist-presence protection mechanism. The supplied CVSS data is CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (4.6, Medium), which points to an attack that requires physical proximity and can change device integrity by unlocking the Watch. The record also states that iOS before 10.2.1 and watchOS before 3.1.3 are affected, while the NVD CPE criteria in the corpus list different end versions for iPhone OS and watchOS; see the vendor advisories for exact fixed builds.

Defensive priority

Moderate priority for any fleet that uses Apple Watch unlock and may still have devices on the affected releases; patching should be handled promptly because the issue directly weakens a device protection control.

Recommended defensive actions

  • Update affected Apple devices to the vendor-fixed releases referenced by Apple’s advisories; the supplied description identifies iOS before 10.2.1 and watchOS before 3.1.3 as affected.
  • Inventory paired iPhone and Apple Watch devices to identify any units still running potentially affected software versions.
  • For devices that cannot be updated immediately, reduce exposure by limiting physical access to the paired devices until patches are applied.
  • Use Apple’s support advisories HT207482 and HT207487 to confirm the exact patched versions for your deployment.
  • Validate post-update that wrist-presence protection and Watch unlock behavior are functioning as expected on managed devices.

Evidence notes

Primary evidence comes from the supplied NVD record and Apple advisory references. The corpus contains a version discrepancy: the human-readable description says iOS before 10.2.1 and watchOS before 3.1.3, while the NVD CPE criteria list iPhone OS versions up to 10.2.0 and watchOS up to 2.2.2. Because the full Apple advisory text is not embedded in the corpus, the debrief avoids asserting exact patched build numbers beyond what the supplied record states and points readers to the vendor advisories for confirmation.
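The inventory step under "Recommended defensive actions" and the version discrepancy described above can be handled in one pass. The following is an added example, not part of the supplied record or any vendor tooling: it checks each device against both affected ranges and flags releases on which the two sources disagree. Device names and inventory rows are constructed sample data.

```python
# Version bounds are the two ranges quoted in this debrief; inventory rows are constructed.
DESCRIPTION_FIXED = {"ios": (10, 2, 1), "watchos": (3, 1, 3)}  # affected if version <  bound
CPE_LAST_AFFECTED = {"ios": (10, 2, 0), "watchos": (2, 2, 2)}  # affected if version <= bound

def parse_version(text):
    """Parse '10.2' into (10, 2, 0) so that 10.2 and 10.2.0 compare equal."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(platform, version):
    """Return a triage status for one device under both affected ranges."""
    key = platform.lower()
    if key not in DESCRIPTION_FIXED:
        return "not-applicable"
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown-version"  # cannot be cleared; needs manual inspection
    by_description = v < DESCRIPTION_FIXED[key]
    by_cpe = v <= CPE_LAST_AFFECTED[key]
    if by_description and by_cpe:
        return "affected"
    if by_description or by_cpe:
        # Only one source lists this release: treat as affected until the
        # vendor advisories (HT207482, HT207487) confirm otherwise.
        return "affected-sources-disagree"
    return "not-affected-per-record"

def triage(inventory):
    """Group device names by status; inventory rows are (name, platform, version)."""
    groups = {}
    for name, platform, version in inventory:
        groups.setdefault(classify(platform, version), []).append(name)
    return groups

# Constructed sample inventory (hypothetical device names).
INVENTORY = [
    ("iphone-01", "iOS", "10.2"),
    ("iphone-02", "iOS", "10.2.1"),
    ("iphone-03", "iOS", "unknown"),
    ("watch-01", "watchOS", "2.2.2"),
    ("watch-02", "watchOS", "3.1"),
    ("watch-03", "watchOS", "3.1.3"),
]

if __name__ == "__main__":
    for status, names in sorted(triage(INVENTORY).items()):
        print(f"{status}: {', '.join(names)}")
```

Devices in the "affected-sources-disagree" group are the ones the description covers but the CPE criteria do not, so they are the units to check against the vendor advisories first.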

Official resources

Publicly disclosed on 2017-02-20, based on the supplied CVE publication timestamp. The 2026-05-13 timestamp in the corpus is a record-modification date, not the vulnerability’s disclosure date.