diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3620a46..8045ba8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -33,6 +33,16 @@ jobs:
           rustup component add rust-src --toolchain nightly-aarch64-apple-darwin
           cargo +nightly clippy -Zbuild-std --target aarch64-apple-tvos
 
+      - name: Clippy (watchOS)
+        run: |
+          rustup component add rust-src --toolchain nightly-aarch64-apple-darwin
+          cargo +nightly clippy -Zbuild-std --target aarch64-apple-watchos
+
+      - name: Clippy (visionOS)
+        run: |
+          rustup component add rust-src --toolchain nightly-aarch64-apple-darwin
+          cargo +nightly clippy -Zbuild-std --target aarch64-apple-visionos
+
   clippy:
     name: Clippy (stable)
     runs-on: ${{ matrix.os }}
diff --git a/rustls-platform-verifier/Cargo.toml b/rustls-platform-verifier/Cargo.toml
index 002a52d..8c7cdad 100644
--- a/rustls-platform-verifier/Cargo.toml
+++ b/rustls-platform-verifier/Cargo.toml
@@ -36,7 +36,7 @@ jni = { version = "0.19", default-features = false, optional = true } # Only use
 once_cell = "1.9"
 paste = { version = "1.0", default-features = false, optional = true } # Only used when `ffi-testing` feature is enabled
 
-[target.'cfg(all(unix, not(target_os = "android"), not(target_os = "macos"), not(target_os = "ios"), not(target_os = "tvos"), not(target_arch = "wasm32")))'.dependencies]
+[target.'cfg(all(unix, not(target_os = "android"), not(target_vendor = "apple"), not(target_arch = "wasm32")))'.dependencies]
 rustls-native-certs = "0.7"
 webpki = { package = "rustls-webpki", version = "0.102", default-features = false }
 
@@ -54,7 +54,7 @@ webpki-root-certs = "0.26"
 [target.'cfg(target_os = "freebsd")'.dev-dependencies]
 webpki-root-certs = "0.26"
 
-[target.'cfg(any(target_os = "macos", target_os = "ios", target_os = "tvos"))'.dependencies]
+[target.'cfg(any(target_vendor = "apple"))'.dependencies]
 core-foundation = "0.9"
 core-foundation-sys = "0.8"
 security-framework = { version = "2.10", features = ["OSX_10_14"] }
diff --git a/rustls-platform-verifier/src/tests/ffi.rs b/rustls-platform-verifier/src/tests/ffi.rs
index 6a4a5af..f66b49d 100644
--- a/rustls-platform-verifier/src/tests/ffi.rs
+++ b/rustls-platform-verifier/src/tests/ffi.rs
@@ -150,7 +150,7 @@ mod dummy {
         #[cfg(any(
             windows,
             target_os = "android",
-            target_os = "macos",
+            target_vendor = "apple",
             target_os = "linux"
         ))]
         let _ = tests::verification_mock::ALL_TEST_CASES;
diff --git a/rustls-platform-verifier/src/tests/verification_mock/mod.rs b/rustls-platform-verifier/src/tests/verification_mock/mod.rs
index 72f1f3e..a71dd3c 100644
--- a/rustls-platform-verifier/src/tests/verification_mock/mod.rs
+++ b/rustls-platform-verifier/src/tests/verification_mock/mod.rs
@@ -16,7 +16,10 @@
 #![cfg(all(
     any(windows, unix, target_os = "android"),
     not(target_os = "ios"),
-    not(target_os = "tvos")
+    // These OSes require a simulator runtime and bundle.
+    not(target_os = "tvos"),
+    not(target_os = "watchos"),
+    not(target_os = "visionos")
 ))]
 
 use super::TestCase;
@@ -209,7 +212,7 @@ mock_root_test_cases! {
     // Check that self-signed certificates, which may or may not be revokved, do not return any
     // kind of revocation error. It is expected that non-public certificates without revocation information
     // have no revocation checking performed across platforms.
-    revoked_dns [ any(windows, target_os = "android", target_os = "macos") ] => TestCase {
+    revoked_dns [ any(windows, target_os = "android", target_vendor = "apple") ] => TestCase {
         reference_id: EXAMPLE_COM,
         chain: &[include_bytes!("root1-int1-ee_example.com-revoked.crt"), ROOT1_INT1],
         stapled_ocsp: None,
@@ -217,7 +220,7 @@ mock_root_test_cases! {
         expected_result: Ok(()),
         other_error: no_error!(),
     },
-    stapled_revoked_dns [ any(windows, target_os = "android", target_os = "macos") ] => TestCase {
+    stapled_revoked_dns [ any(windows, target_os = "android", target_vendor = "apple") ] => TestCase {
         reference_id: EXAMPLE_COM,
         chain: &[include_bytes!("root1-int1-ee_example.com-revoked.crt"), ROOT1_INT1],
         stapled_ocsp: Some(include_bytes!("root1-int1-ee_example.com-revoked.ocsp")),
@@ -225,7 +228,7 @@ mock_root_test_cases! {
         expected_result: Err(TlsError::InvalidCertificate(CertificateError::Revoked)),
         other_error: no_error!(),
     },
-    stapled_revoked_ipv4 [ any(windows, target_os = "android", target_os = "macos") ] => TestCase {
+    stapled_revoked_ipv4 [ any(windows, target_os = "android", target_vendor = "apple") ] => TestCase {
         reference_id: LOCALHOST_IPV4,
         chain: &[include_bytes!("root1-int1-ee_127.0.0.1-revoked.crt"), ROOT1_INT1],
         stapled_ocsp: Some(include_bytes!("root1-int1-ee_127.0.0.1-revoked.ocsp")),
@@ -233,7 +236,7 @@ mock_root_test_cases! {
         expected_result: Err(TlsError::InvalidCertificate(CertificateError::Revoked)),
         other_error: no_error!(),
     },
-    stapled_revoked_ipv6 [ any(windows, target_os = "android", target_os = "macos") ] => TestCase {
+    stapled_revoked_ipv6 [ any(windows, target_os = "android", target_vendor = "apple") ] => TestCase {
         reference_id: LOCALHOST_IPV6,
         chain: &[include_bytes!("root1-int1-ee_1-revoked.crt"), ROOT1_INT1],
         stapled_ocsp: Some(include_bytes!("root1-int1-ee_1-revoked.ocsp")),
diff --git a/rustls-platform-verifier/src/verification/mod.rs b/rustls-platform-verifier/src/verification/mod.rs
index e55d71d..baf3ce4 100644
--- a/rustls-platform-verifier/src/verification/mod.rs
+++ b/rustls-platform-verifier/src/verification/mod.rs
@@ -4,25 +4,21 @@ use std::sync::Arc;
 #[cfg(all(
     any(unix, target_arch = "wasm32"),
     not(target_os = "android"),
-    not(target_os = "macos"),
-    not(target_os = "ios"),
-    not(target_os = "tvos")
+    not(target_vendor = "apple"),
 ))]
 mod others;
 
 #[cfg(all(
     any(unix, target_arch = "wasm32"),
     not(target_os = "android"),
-    not(target_os = "macos"),
-    not(target_os = "ios"),
-    not(target_os = "tvos")
+    not(target_vendor = "apple"),
 ))]
 pub use others::Verifier;
 
-#[cfg(any(target_os = "macos", target_os = "ios", target_os = "tvos"))]
+#[cfg(target_vendor = "apple")]
 mod apple;
 
-#[cfg(any(target_os = "macos", target_os = "ios", target_os = "tvos"))]
+#[cfg(target_vendor = "apple")]
 pub use apple::Verifier;
 
 #[cfg(target_os = "android")]
@@ -67,7 +63,7 @@ fn log_server_cert(_end_entity: &rustls::pki_types::CertificateDer<'_>) {
 
 // Unknown certificate error shorthand. Used when we need to construct an "Other" certificate
 // error with a platform specific error message.
-#[cfg(any(windows, target_os = "macos", target_os = "ios", target_os = "tvos"))]
+#[cfg(any(windows, target_vendor = "apple"))]
 fn invalid_certificate(reason: impl Into<String>) -> rustls::Error {
     rustls::Error::InvalidCertificate(rustls::CertificateError::Other(rustls::OtherError(
         Arc::from(Box::from(reason.into())),
diff --git a/rustls-platform-verifier/src/verification/others.rs b/rustls-platform-verifier/src/verification/others.rs
index 9a0c39b..a7f4c23 100644
--- a/rustls-platform-verifier/src/verification/others.rs
+++ b/rustls-platform-verifier/src/verification/others.rs
@@ -124,9 +124,7 @@ impl Verifier {
         #[cfg(all(
             unix,
             not(target_os = "android"),
-            not(target_os = "macos"),
-            not(target_os = "ios"),
-            not(target_os = "tvos"),
+            not(target_vendor = "apple"),
             not(target_arch = "wasm32"),
         ))]
         match rustls_native_certs::load_native_certs() {