Government Warns Apple Watch Users in India of Multiple High Severity Vulnerabilities

by admin 0 Comments

Gadgets

Products You May Like

Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Apple Watch models running watchOS versions older than 8.7 have been flagged by the government of India with multiple vulnerabilities. These vulnerabilities, which have been given a high severity rating, could allow attackers to run arbitrary code and bypass security restrictions on any targeted Apple Watch running watchOS 8.6 and older versions. As a solution, the government suggests the Apple Watch owners to apply necessary patches by updating to the latest available version — watchOS 8.7. Apple has also listed the vulnerability on its support website.

Indian Computer Emergency Response Team (CERT-in) said in a vulnerability note that the Apple Watch models running an older version of watchOS than 8.7 are affected by multiple vulnerabilities. The nodal agency for cybersecurity has given it a severity rating of high. According to CERT-in, the vulnerabilities could allow an attacker to execute arbitrary code and bypass Apple’s security restrictions on the targeted smartwatch.

The detected vulnerabilities exist due to a buffer overflow in AppleAVD component, an authorisation issue in AppleMobilityFileIntegrity component, out-of-bounds write in Audio, ICU, and WebKit component. CERT-in has also mentioned other reasons for these vulnerabilities to exist in Apple Watch models. These include, “type confusion in Multi-touch component, Multiple out-of-bounds write and memory corruption in GPU Drivers component, out-of-bounds read in Kernel component, and memory initialisation in libxml2 component.”

According to CERT-in vulnerability notification, a remote attacker could exploit the above-mentioned vulnerabilities by sending a specially-crafted request to the target device.

Apple has acknowledged the vulnerability on its support page, highlighted under AppleAVD impact that it could allow a remote user to cause kernel code execution.

The vulnerability note also added that the successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code and bypass the security restriction on an Apple Watch running watchOS version older than 8.7. The government has asked Apple Watch users to apply appropriate patches that are included in the watchOS 8.7 update, according to the Apple Security Updates website.

This article was originally published by Gadgets360.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks
Elden Ring Film or TV Adaptation Seemingly Teased by Writer George RR Martin
MSI Crosshair 16 HX Monster Hunter Edition Launched in India; MSI Claw Availability Announced
Samsung One UI 6 Watch Beta for Select Galaxy Watch 5, Galaxy Watch 4 Models Reportedly Released
Realme Pad 3 Allegedly Spotted on IMEI Website; Launch Appears Imminent

Leave a Reply

Your email address will not be published. Required fields are marked *