Vulnerabilities

This vulnerability allows hacking Apple Watch and Apple TV

Although exploitation of vulnerabilities in Apple products is unusual, new security flaws are frequently reported; according to vulnerability testing specialists, their scope varies depending on the affected product.

This time, multiple vulnerabilities were reported in Xcode, Safari, iTunes for Windows, iOS, iPadOS and macOS, along with two potentially critical flaws in tvOS and watchOS, the operating systems of Apple TV and Apple Watch. According to the report, exploiting these vulnerabilities could allow arbitrary code execution.

Casual users may not be familiar with all of these products, so below is a review of the products affected by these flaws:

  • tvOS is the operating system of the Apple TV media player
  • watchOS is the mobile operating system for Apple Watch, based on the widely known iOS system
  • Safari is the browser included in Apple products
  • iPadOS is the system specially designed for tablets. It came to replace iOS 12
  • macOS is the desktop operating system for Mac computers

As mentioned by vulnerability testing experts, exploiting the critical flaws would lead to arbitrary code execution by a threat actor with the privileges of an authenticated user. Depending on the privileges associated with the target user, the attacker could even install third-party software, view or alter data on the system, and create new accounts with administrator privileges.

The full list of impacted operating systems includes:

  • iOS prior to 13.3.1
  • iPadOS prior to v13.3.1
  • Safari prior to v13.0.5
  • iTunes for Windows prior to v12.10.4
  • macOS Catalina prior to 10.15.3, Security Update 2020-001 Mojave and Security Update 2020-001 High Sierra
  • tvOS prior to 13.3.1
  • watchOS prior to 6.1.2
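
As an added example (not part of the original report), the version list above can be turned into a triage check for a device inventory. Host names and the inventory records are constructed sample data; the Mojave and High Sierra case is flagged for manual verification because Security Update 2020-001 does not change the macOS version number.

```python
# Added example: triage an inventory against the fixed versions listed above.

# First fixed release per product, as listed in the article.
FIXED = {
    "iOS": "13.3.1",
    "iPadOS": "13.3.1",
    "Safari": "13.0.5",
    "iTunes for Windows": "12.10.4",
    "macOS": "10.15.3",
    "tvOS": "13.3.1",
    "watchOS": "6.1.2",
}

def parse(version):
    """Turn '13.3' into (13, 3, 0) so short versions compare correctly."""
    parts = [int(p) for p in version.strip().lstrip("v").split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(product, version):
    """Return 'patched', 'vulnerable', 'verify' or 'unknown' for one host."""
    if product not in FIXED:
        return "unknown"
    try:
        installed = parse(version)
    except ValueError:
        return "unknown"
    # Mojave (10.14) and High Sierra (10.13) are fixed by Security Update
    # 2020-001, which keeps the version number: confirm the update by hand.
    if product == "macOS" and installed[:2] in ((10, 14), (10, 13)):
        return "verify"
    return "patched" if installed >= parse(FIXED[product]) else "vulnerable"

# Constructed sample inventory: (hostname, product, reported version).
INVENTORY = [
    ("lobby-tv", "tvOS", "13.3"),
    ("exec-watch", "watchOS", "6.1.2"),
    ("design-mac", "macOS", "10.14.6"),
    ("kiosk-pc", "iTunes for Windows", "12.10.3"),
    ("ipad-07", "iPadOS", "13.3.1"),
]

def report(inventory):
    return {host: triage(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```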

On average, the severity of these flaws is considered to range from high to moderate. The flaws can be present in industrial, domestic and commercial environments.

While no cases of exploitation have yet been reported in the wild, vulnerability testing specialists from the International Institute of Cyber Security (IICS) recommend that administrators of the affected systems remain alert to any update notices from Apple’s official platforms. Other security recommendations include:

  • Running Apple software as an unprivileged user
  • Avoiding downloading, installing or running software or files from unknown sources
  • Avoiding websites that look unreliable or are listed as malicious
  • Implementing the principle of least privilege in all systems and services
