Menu
First software update for Apple Watch includes security fixes

First software update for Apple Watch includes security fixes

The update patches 13 vulnerabilities and updates the trusted root SSL certificates

You might not be used to the idea of a watch endangering your digital life, but you should: Apple's first update for Watch OS includes 14 security patches, and they're not trivial.

Watch OS 1.0.1, released Tuesday, brings several performance improvements and support for additional languages, but it also fixes 13 vulnerabilities that could enable arbitrary code execution, information disclosure, denial of service, traffic hijacking, privilege escalation and other attacks, and also updates the list of root CA certificates trusted by default on the device.

Eight of the vulnerabilities are located in the OS kernel, including one each in the FontParser, Foundation, IOHIDFamily and IOAcceleratorFamily components and one in the Secure Transport library.

The FontParser vulnerability could be exploited to execute arbitrary code when processing a maliciously crafted font file and one of the kernel flaws could also be exploited by a malicious application to execute rogue code with system privileges.

Other kernel flaws allow man-in-the-middle attackers to redirect user traffic to arbitrary hosts, cause denial-of-service conditions, bypass network filters or compromise encrypted SSL/TLS connections.

The SSL/TLS vulnerability is known as FREAK (Factoring Attack on RSA-EXPORT Keys) and was disclosed by researchers in March. It allows attackers in a position to intercept SSL/TLS connections to downgrade their security if the server supports so-called "export" cipher suites -- '90s-era weak cryptography that's no longer used in practice, but which has remained in client and server implementations.

To install the Watch OS update users will need to open the Apple Watch app on their iPhone and then go to My Watch > General > Software Update. The watch needs to be within range of the iPhone, connected to the charger and at least 50 percent charged.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags patchesApplesecuritymobile securitypatch managementExploits / vulnerabilities

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments