The Indian Computer Emergency Response Team (Cert-In) has issued a warning to all Apple Watch users in India. Marking the security risk of the vulnerabilities as ‘High’, the agency, in a press release, has cautioned Apple Watch users in the country against a slew of vulnerabilities that enable malicious hackers to bypass all security restrictions in Apple’s smartwatch and run an arbitrary code on the device. Simply put, by exploiting these vulnerabilities malicious hackers can gain access to all of users’ personal data. Also Read - Apple explains why iPhone covers are a waste of money
“These vulnerabilities exist in Apple Watch due to buffer overflow of AppleAVD component, an authorisation issue in AppleMobileFileIntegrity component; out-of-bounds write in Audio, ICU and WebKit component; type confusion in Multi-Touch component; multiple out-of-bounds write and memory corruption in GPU Drivers components; out-of-bounds read in Kernel component; and memory initialisation in libxml2 component,” Cert-In wrote in a press release. Also Read - Apple Health Report details how Apple Watch, Health app have been improving lives since launch
The agency said that all an attacker needs to do to exploit these vulnerabilities is send a specially-crafted request. Also Read - Smartphone sales fell 9% in Q2 2022 due to soaring inflation, but iPhone 13 remains in high demand: Report
“Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code and bypass security restriction on the targeted system,” the agency added in the release.
Apple too has detailed these vulnerabilities and their impact in a support page. The company in a support page wrote that in addition to gaining privileged access to various components and executing malicious codes, hackers can also track a user’s activity by exploiting the discovered bugs. Apple also said that these bugs can lead a malicious app to leak sensitive user information. It can also lead to UI spoofing wherein an attacker presents information to users in such a way that it appears to be coming from a legitimate source. This info often conceals critical details and it is used to mislead users.
Basically everyone who is not running the latest version of Apple’s WatchOS is vulnerable to these bugs.
Good thing is that Apple has already released a software update to fix all of these vulnerabilities. All you need to do is download and install the latest software update on your Apple Watch to safeguard yourself from these bugs.