A month after two serious vulnerabilities were discovered in Apple products, a whopping 26 new vulnerabilities have come to light in Apple Watches, all of which have been certified as ‘high’ severity by the Indian Computer Emergency Response Team (CERT-In).
The Free Press Journal had in its May 22 edition reported how the two serious vulnerabilities affecting Apple Watch, TV and Mac had come to light, with the one affecting the Mac operating system being serious enough to deserve a ‘Critical’ severity rating.
The advisory regarding the 26 new vulnerabilities was issued by the CERT-In on Friday, warning about the vulnerabilities affecting all versions of the Apple Watch operating system prior to Version 8.7. Apple’s own update on its official website lists out all the affected products, which are from the Apple Watch 3 and Apple Watch 4 series.
CERT-In’s advisory summarises that there are multiple components within the operating system that have these vulnerabilities, including its audio and multi-touch functions.
“A remote attacker could exploit these vulnerabilities by sending a specially crafted request. Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code and bypass security restrictions on the targeted system,” CERT-In has stated.
A specially crafted message is any message containing hidden code that is sent to the target device. Hackers send such messages in the form of emails, messages or documents.
As smartwatches are equipped to access and read all such forms of incoming communication, opening any such messages would make them automatically vulnerable to external attack. With the number of vulnerabilities being as high as 26 at the same time, the device is rendered especially insecure, security experts said.
Each of the vulnerabilities has been acknowledged by Apple and assigned a Common Vulnerabilities and Exposures (CVE) number, which is the official confirmation of a vulnerability in the cyber security community.
In an update released on its website on Wednesday, Apple listed out each of the affected products and detailed what each vulnerability was as well as how it was fixed, while also giving credit to the independent cyber security researchers who discovered and reported the vulnerabilities. Apple Watch users are advised to immediately download the latest software updates so that the patches can be installed on their Watches.
Neither CERT-In nor Apple has made any statement as to whether any of these vulnerabilities have been actively exploited as yet.