VYPR
← All advisories
Medium severity4.6NVD Advisory· Published Feb 20, 2017· Updated May 13, 2026

CVE-2017-2352

CVE-2017-2352

Description

CVE-2017-2352 allows attackers to bypass the wrist-presence protection on Apple Watch by exploiting the Unlock with iPhone feature, enabling unauthorized access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2017-2352 allows attackers to bypass the wrist-presence protection on Apple Watch by exploiting the Unlock with iPhone feature, enabling unauthorized access.

Vulnerability

The vulnerability exists in the "Unlock with iPhone" component on Apple Watch. In watchOS versions prior to 3.1.3 and iOS versions prior to 10.2.1, the wrist-presence protection mechanism can be bypassed, allowing an attacker to unlock the Watch without the wrist being present. The issue is triggered via unspecified vectors related to the communication between the iPhone and Watch. [1][2]

Exploitation

An attacker with physical access to the paired iPhone (which is already unlocked) can exploit the flaw to unlock the Apple Watch without needing the Watch to detect the wearer's wrist. The exact steps are not publicly detailed, but the attack does not require the attacker to be wearing the Watch. [1][2]

Impact

Successful exploitation allows an attacker to bypass the wrist-detection security of the Apple Watch, unlocking the device and gaining access to its applications, notifications, and sensitive data. This compromises the device's intended protection against unauthorized use when removed from the owner's wrist. [1][2]

Mitigation

Apple addressed the issue in watchOS 3.1.3 and iOS 10.2.1, both released on January 23, 2017. Users should update their devices to the latest OS versions. No workarounds are available for unpatched versions. [1][2]

References
  1. About the security content of watchOS 3.1.3 - Apple Support
  2. About the security content of iOS 10.2.1 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Apple Inc./Iphone OS
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <=10.2.0
  • Apple Inc./watchOS2 versions
    cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*range: <=2.2.2
    • (no CPE)range: <3.1.3
  • Apple Inc./iOSllm-fuzzy
    Range: <10.2.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.