India’s Computer Emergency Response Team (CERTIFICATE) recently issued a warning for Apple Watch user. The government agency has marked the security risk as ‘high severity’ and mentioned that multiple vulnerabilities in the watch could create Apple View users as easy targets for hackers.
For the uninitiated, CERT-IN is a focal point under the Ministry of Electronics and Information Technology. Government agency responsible for highlighting bugs and cybersecurity threats like phishing and hacking.
What did the government say?
CERT-IN noted that “these vulnerabilities exist in” the Apple watch due to a buffer overflow in the AppleAVD component; authorization problem in AppleMobileFileInterity component; off-limits recording in Audio, ICU and WebKit components; mistaken input in Multi-Touch
element; Multiple write errors and memory out of bounds in the GPU Driver component; read out of bounds in Kernel component; and initialize the memory in the libxml2 component”.
The warning also mentions that remote hackers can exploit these vulnerabilities and execute arbitrary code and bypass security restrictions on the targeted device by sending a specially crafted request. .
Who is affected?
According to the warning page, everyone with an Apple Watch running earlier than watchOS 8.7 is affected.
What can users do?
CERT-IN has recommended that Apple Watch users apply the latest security patch to the device to address the vulnerabilities. Thankfully, Apple has rolled out the watchOS 8.7 update that includes security updates and addresses the listed vulnerabilities.
How to update Apple Watch
For the uninitiated, CERT-IN is a focal point under the Ministry of Electronics and Information Technology. Government agency responsible for highlighting bugs and cybersecurity threats like phishing and hacking.
What did the government say?
CERT-IN noted that “these vulnerabilities exist in” the Apple watch due to a buffer overflow in the AppleAVD component; authorization problem in AppleMobileFileInterity component; off-limits recording in Audio, ICU and WebKit components; mistaken input in Multi-Touch
element; Multiple write errors and memory out of bounds in the GPU Driver component; read out of bounds in Kernel component; and initialize the memory in the libxml2 component”.
The warning also mentions that remote hackers can exploit these vulnerabilities and execute arbitrary code and bypass security restrictions on the targeted device by sending a specially crafted request. .
Who is affected?
According to the warning page, everyone with an Apple Watch running earlier than watchOS 8.7 is affected.
What can users do?
CERT-IN has recommended that Apple Watch users apply the latest security patch to the device to address the vulnerabilities. Thankfully, Apple has rolled out the watchOS 8.7 update that includes security updates and addresses the listed vulnerabilities.
How to update Apple Watch
- Make sure your watch is connected to Wi-Fi
- On your watch, open the Settings app
- Tap General → Software Update
- Tap Install if a software update is available and follow the on-screen instructions
