|CERT-In Vulnerability Note
Multiple vulnerabilities in Apple Watch
Original Issue Date:July 22, 2022
Severity Rating: HIGH
- Apple watchOS versions prior to 8.7
Multiple vulnerabilities have been reported in Apple watch which could allow an attacker to execute arbitrary code and bypass security restriction on the targeted system.
These vulnerabilities exist in Apple watch due to buffer overflow in AppleAVD component; an authorization issue in AppleMobileFileIntegrity component; out-of-bounds write in Audio, ICU and WebKit component; type confusion in Multi-Touch component; Multiple out-of-bounds write and memory corruption in GPU Drivers component; out-of-bounds read in Kernel component; and memory initialization in libxml2 component. A remote attacker could exploit these vulnerabilities by sending a specially-crafted request.
Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code and bypass security restriction on the targeted system.
Apply appropriate patches as mentioned in the
Apple Security Updates
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003