Date: 2022-07-25
Are you using an Apple Watch that runs on OS version 8.7 or older? Beware! The Indian Computer Emergency Response Team (CERT-in) has flagged severe vulnerabilities in watches running this or older versions of the operating system that might allow attackers to run arbitrary code and bypass security restrictions on the target devices.
The Indian Government has flagged the severe vulnerabilities and has urged Apple Watch owners to update to the latest available version of the operating system so that they are not susceptible to these security risks.
Notably, Apple has also flagged the vulnerabilities on its support website.
India's agency for cybersecurity has said that OS versions 8.7 or older for Apple Watch have a severity rating of high. It said that Apple Watch models running a version of watchOS older than 8.7 are affected by multiple vulnerabilities. According to CERT-in, the vulnerabilities could allow an attacker to execute arbitrary code and bypass Apple's security restrictions on the targeted smartwatch.
The CERT-in notification said that an attacker could exploit the vulnerabilities by sending a specially crafted request to the target device.
As for the vulnerabilities themselves, it was made clear that these exist due to a buffer overflow in the AppleAVD component, an authorisation issue in the Apple Mobile File Integrity component, and out-of-bounds writes in the Audio, ICU, and WebKit components.
CERT-in has also named “type confusion in Multi-touch component, Multiple out-of-bounds write and memory corruption in GPU Drivers component, out-of-bounds read in Kernel component, and memory initialisation in libxml2 component” as responsible for the vulnerabilities.
Apple has acknowledged the vulnerability on its support page, noting under the impact listed for AppleAVD that it could allow a remote user to cause kernel code execution.
The vulnerability note also added that successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code and bypass the security restrictions on an Apple Watch running a watchOS version older than 8.7. The government has asked Apple Watch users to apply the appropriate patches, which are included in the watchOS 8.7 update, according to the Apple Security Updates website.