Government Warns Apple Watch Users in India of Multiple High Severity Vulnerabilities

Apple Watch models running watchOS versions older than 8.7 have been flagged by the government of India with multiple vulnerabilities. These vulnerabilities, which have been given a high severity rating, could allow attackers to run arbitrary code and bypass security restrictions on any targeted Apple Watch running watchOS 8.6 and older versions. As a solution, the government suggests the Apple Watch owners to apply necessary patches by updating to the latest available version — watchOS 8.7. Apple has also listed the vulnerability on its support website.

Indian Computer Emergency Response Team (CERT-in) said in a vulnerability note that the Apple Watch models running an older version of watchOS than 8.7 are affected by multiple vulnerabilities. The nodal agency for cybersecurity has given it a severity rating of high. According to CERT-in, the vulnerabilities could allow an attacker to execute arbitrary code and bypass Apple’s security restrictions on the targeted smartwatch.

The detected vulnerabilities exist due to a buffer overflow in AppleAVD component, an authorisation issue in AppleMobilityFileIntegrity component, out-of-bounds write in Audio, ICU, and WebKit component. CERT-in has also mentioned other reasons for these vulnerabilities to exist in Apple Watch models. These include, “type confusion in Multi-touch component, Multiple out-of-bounds write and memory corruption in GPU Drivers component, out-of-bounds read in Kernel component, and memory initialisation in libxml2 component.”

According to CERT-in vulnerability notification, a remote attacker could exploit the above-mentioned vulnerabilities by sending a specially-crafted request to the target device.

Apple has acknowledged the vulnerability on its support page, highlighted under AppleAVD impact that it could allow a remote user to cause kernel code execution.

The vulnerability note also added that the successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code and bypass the security restriction on an Apple Watch running watchOS version older than 8.7. The government has asked Apple Watch users to apply appropriate patches that are included in the watchOS 8.7 update, according to the Apple Security Updates website.


For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.