The Indian Computer Emergency Response Team (CERT-In), the nodal cyber security agency under the Ministry of Electronics and Information Technology (MeitY), has issued an advisory urging users of the Apple Watch smartwatch to update their devices. The agency said on Friday, July 22 that Apple’s WatchOS, the operating system underlying Apple’s smartwatch, carried a security flaw that could allow hackers to remotely bypass security restrictions on the device and steal data.
The CERT-In advisory states that there were “multiple” vulnerabilities in Apple’s WatchOS 8.6, which was the penultimate version of WatchOS. These vulnerabilities could be leveraged by a cyber attacker to execute arbitrary code remotely, which would allow them to gain privileged access to sensitive user data. In simpler terms, a flaw in the code of WatchOS software could allow attackers to remotely access user data without the user granting any permission.
Apple issued a patch for these vulnerabilities on Wednesday, July 20 as part of its WatchOS 8.7 update. The list of security issues patched by Apple stated that the particular issue mentioned by CERT-In, listed under CVE-2022-32788, was discovered by security researcher Natalie Silvanovich of Google’s Project Zero team.
Apple’s update also patched a host of other vulnerabilities on the system, which would have allowed hackers to breach apps on Apple’s software and gain privileged access on devices. Using such privileges, hackers could get access to sensitive user data such as health and fitness data, geolocation and other services.
Users are advised to apply Apple’s latest update, WatchOS 8.7, in order to fix such security risks.
Such security risks are relatively routine in nature, and most companies providing popular operating systems around the world, such as Google’s various versions of Android, Microsoft’s Windows and Apple’s iOS, macOS and WatchOS, offer regular security updates to patch vulnerabilities. These security flaws are regularly flagged by researchers around the world, and patches for them are rolled out regularly.