Apple Watch users beware! Security bug detected in watchOS versions older than 8.7. The Indian government has identified multiple vulnerabilities in the Apple Watch operating system older than 8.7. These vulnerabilities could allow attackers to bypass security restrictions and run arbitrary code on the device. These vulnerabilities were rated high severity and can be exploited by attackers to take over a targeted Apple Watch.
The government has issued a security advisory for Apple Watch users to update their devices to the latest version of watchOS 8.7 to address the vulnerability.
India’s Computer Emergency Response Team (CERT-in) in a vulnerability note noted that the older versions of the device are vulnerable to multiple vulnerabilities. These could allow an attacker to bypass the security restrictions of the device. CERT-in has given it a severity rating of high.
The vulnerabilities were discovered due to a buffer overflow in the AppleAVD component, an issue in the AppleMobilityFile component, and out-of-bounds writing in the various components of the Apple Watch. In addition, CERT-in has noted that these issues could be caused by multiple factors, such as the lack of memory initialisation in the libxml2 component, and confusion in the Multi-touch component. According to CERT-in, a remote attacker could potentially take advantage of these issues by sending a specially crafted request to the device.
On its support page, Apple also acknowledged the same and noted that the vulnerability could allow a remote user to cause a crash and execute the kernel code. It further said that an attacker could potentially bypass the security restrictions on an Apple Watch running older than 8.7. To address this issue, the government has urged users to update their devices to the latest watchOS 8.7. Apple has also released a security update for the device.