CERT-in flags vulnerabilities in Apple Watches running older OS

The Indian government has flagged multiple severe vulnerabilities on Apple Watch models running watchOS versions older than version 8.7, including security bypass issues.

Attackers could run arbitrary code and bypass security restrictions on such Apple Watches, the concerned authority said, adding that Apple Watch owners need to apply necessary updates to the latest available version — watchOS 8.7. Apple has also listed the vulnerability on its support website.

In a vulnerability note, Computer Emergency Response Team (CERT-in) said the vulnerability faced by such Apple Watch users are of high severity rating.

The vulnerabilities are due to a buffer overflow in AppleAVD component, an authorisation issue in AppleMobilityFileIntegrity component, out-of-bounds write in Audio, ICU, and WebKit component.

Also read: Apple AirPods to soon warn users about their surroundings

CERT-in has given other aspects of vulnerabilities too. These include, “type confusion in Multi-touch component, Multiple out-of-bounds write and memory corruption in GPU Drivers component, out-of-bounds read in Kernel component, and memory initialisation in libxml2 component.”

A remote attacker could exploit these vulnerabilities by sending a specially-crafted code to the watch, CERT-in said.

Apple has acknowledged the vulnerability highlighted by CERT-in, and highlighted under AppleAVD impact.