Tuesday, May 26, 2015

FIRST EVER Security update for Apple Watch

Apple rolled out the first security update for its recently launched Apple Watch that uses an iOS-based operating system. Company releases patches for 13 security flaws targeting kernel, Secure Transport, FontParser, the Foundation framework, IOHIDFamily and IOAcceleratorFamily components. According to advisory, security flaw in the FontParser allows execution of arbitrary code via malformed font, while Foundation framework is prone to XML External Entity (XXE) vulnerability due to improper handling of XML files in the NSXMLParser. The OHIDFamily and IOAcceleratorFamily components could allow malicious applications to disclose kernel memory layout. Rest of the issues are related to Kernel. Apple Watch OS 1.0.1 also fixes the FREAK vulnerability that allows an MitM attacker to intercept the encrypted data and force it to use weak encryption to aid further attacks. This security update targets Apple Watch, Apple Watch Sport and Apple Watch Edition. <more>

No comments: