Apple Watch users have been warned about multiple vulnerabilities, especially on models running watchOS versions older than 8.7. The government of India has already flagged the device for multiple vulnerabilities. These vulnerabilities could allow attackers to run arbitrary code and bypass security restrictions on any targeted Apple Watch running watchOS 8.6 and older versions. The authorities advise Apple Watch users to apply the necessary patches by updating to the latest available version, watchOS 8.7. Apple has also listed the vulnerability on its support website.
The vulnerabilities exist due to a buffer overflow in the AppleAVD component, an authorisation issue in the AppleMobileFileIntegrity component, and out-of-bounds writes in the Audio, ICU, and WebKit components. CERT-In has also mentioned other reasons for these vulnerabilities to exist in Apple Watch models. These include, “type confusion in Multi-touch component, Multiple out-of-bounds write and memory corruption in GPU Drivers component, out-of-bounds read in Kernel component, and memory initialisation in libxml2 component.”
According to the CERT-In vulnerability notification, a remote attacker could exploit the above-mentioned vulnerabilities by sending a specially crafted request to the target device.
Apple has acknowledged the vulnerability on its support page, where the impact listed under AppleAVD is that it could allow a remote user to cause kernel code execution.
The nodal agency for cybersecurity, the Indian Computer Emergency Response Team (CERT-In), has issued the warning to Apple Watch users with a severity rating of high. According to CERT-In, the vulnerabilities could allow an attacker to execute arbitrary code and bypass Apple’s security restrictions on the targeted smartwatch.