India’s cyber-security agency, the Indian Computer Emergency Response Team or CERT-In, has warned of high vulnerabilities in the Apple Watch ecosystem. The vulnerabilities would allow hackers to bypass the company’s security measures built into Apple’s WatchOS.
In an advisory, CERT-In has said that users should update their Watch OS to the latest security versions rolled out by the company. The vulnerabilities have been reported in versions of WatchOS before the 8.7 version.
This vulnerability might allow attackers to run arbitrary code and bypass security restrictions on the device. This means that attackers could use this security flaw to execute commands on your device remotely. These commands can include ways to bypass the watch’s security restrictions, allowing the attackers access to private information on the smartwatch.
Per the CERT-In vulnerability note, the vulnerabilities exist in Apple Watch models running on older software due to various flaws. These include “buffer overflow in AppleAVD component; an authorization issue in AppleMobileFileIntegrity component; out-of-bounds write in Audio, ICU and WebKit component; type confusion in Multi-Touch component; multiple out-of-bounds write and memory corruption in GPU drivers component,” among others.
“Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code and bypass security restrictions on the targeted system,” the note added.
Apple has already released fixes for these security vulnerabilities in the latest version of its watchOS software for compatible models: Apple Watch Series 3 and above.
To update their Apple Watch, users must ensure that their device has at least a 50 percent battery and is connected to a WiFi network. Open Settings on the watch itself, and navigate to General/Software Update. Users need to follow the on-screen instructions to update their devices if an update is available.