We all know that Apple is famous for its security measures and multimedia features. However, sometimes the most trusted vendor can also be the weakest link that anyone can exploit. That is exactly what happened recently with Apple's smartwatches.
Most importantly, the Indian government took the initiative to alert users to upgrade their watches' OS as soon as possible. But this raises several questions. What is the whole scenario, and how is it possible that Apple made such a big mistake? Let's find out!
APPLE VULNERABILITIES ARE AT PEAK
The company that doesn't like to compromise on safety measures in its work has left a high-severity issue behind. The issues are as follows:
- Version 8.7 of Apple Watches has several security vulnerabilities.
- Due to these severe vulnerabilities, an attacker can run arbitrary code and, as a result, easily bypass security restrictions.
SOLUTION PROVIDED BY GOVT. TO APPLE USERS
When the Indian government saw that this vulnerability could be harmful from a security standpoint, it provided these suggestions:
- Update the watch to the new version of its OS to get the patches that reduce the impact of the vulnerabilities.
- Apple also provided information on the vulnerabilities mentioned in the report to support users.
Indian Computer Emergency Response Team (CERT-In)
According to this team as well, Apple Watch version 8.7 was affected by multiple vulnerabilities. The nodal agency rated the vulnerability as high severity.
Reason For This Vulnerability
This loophole was caused by a buffer overflow in the Apple AVD component. Moreover, the reasons for these vulnerabilities could be:
- Type confusion in the Multi-Touch component
- Memory corruption in the GPU Drivers component
- Memory initialization issue in the libxml2 component
- Multiple out-of-bounds writes
- Out-of-bounds read in the kernel component
- Authorization issue in the Apple Mobile File Integrity component
- Out-of-bounds write in Audio

Due to these flaws, an attacker can gain access to the victim's device. Once the attacker has access, stealing personal data stored on the device won't be a problem.
The vulnerabilities were fixed in time in the new version of the OS available for the watch.
Apple Security Updates Page…
Natalie Silvanovich of the Google Project Zero team was the one who observed CVE-2022-32788 and the flaw pointed out by CERT-In. So problems can arise for even the most protected technologies. But to secure yourself, you just need to manage your data well and read about updates carefully!