Government Warns Apple Watch Users in India of Multiple High Severity Vulnerabilities

Apple Watch models running watchOS 8.6 and older are at risk, according to the government.

Government Warns Apple Watch Users in India of Multiple High Severity Vulnerabilities

The government has asked Apple Watch users to apply appropriate patches

Highlights
  • Apple has mentioned the vulnerability on its support page
  • CERT-in urges users to apply appropriate patches
  • The vulnerabilities exist due to multiple components

Apple Watch models running watchOS versions older than 8.7 have been flagged by the government of India with multiple vulnerabilities. These vulnerabilities, which have been given a high severity rating, could allow attackers to run arbitrary code and bypass security restrictions on any targeted Apple Watch running watchOS 8.6 and older versions. As a solution, the government suggests the Apple Watch owners to apply necessary patches by updating to the latest available version — watchOS 8.7. Apple has also listed the vulnerability on its support website.

Indian Computer Emergency Response Team (CERT-in) said in a vulnerability note that the Apple Watch models running an older version of watchOS than 8.7 are affected by multiple vulnerabilities. The nodal agency for cybersecurity has given it a severity rating of high. According to CERT-in, the vulnerabilities could allow an attacker to execute arbitrary code and bypass Apple's security restrictions on the targeted smartwatch.

The detected vulnerabilities exist due to a buffer overflow in AppleAVD component, an authorisation issue in AppleMobilityFileIntegrity component, out-of-bounds write in Audio, ICU, and WebKit component. CERT-in has also mentioned other reasons for these vulnerabilities to exist in Apple Watch models. These include, “type confusion in Multi-touch component, Multiple out-of-bounds write and memory corruption in GPU Drivers component, out-of-bounds read in Kernel component, and memory initialisation in libxml2 component.”

According to CERT-in vulnerability notification, a remote attacker could exploit the above-mentioned vulnerabilities by sending a specially-crafted request to the target device.

Apple has acknowledged the vulnerability on its support page, highlighted under AppleAVD impact that it could allow a remote user to cause kernel code execution.

The vulnerability note also added that the successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code and bypass the security restriction on an Apple Watch running watchOS version older than 8.7. The government has asked Apple Watch users to apply appropriate patches that are included in the watchOS 8.7 update, according to the Apple Security Updates website.


Missed Apple's WWDC 2022? We discuss every major announcement on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Apple, Apple Watch, watchOS
Loki Season 2, Echo, Agatha, Ironheart, Secret Invasion Set 2023 Disney+ Hotstar Premieres
Engineers Develop Unique Mattress And Pillow System That Tricks People To Fall Asleep Faster
Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2022. All rights reserved.