Apple Fixed a Critical Vulnerability In WatchOS

apple flaw

Tech giant apple has patched a security vulnerability in it's watchOS, which the company warned could allow an attacker to steal online account credentials or serve malwares.

The vulnerability "Doubledirect"  is a type of ICMP Redirect "Man-in-the-Middle" attack (MITM) enabling an attacker to redirect a victim's traffic to the attacker's device. 

Once redirected, the attacker can steal credentials and deliver malicious payloads to the victim’s device that can not only quickly infect the device, but also spread throughout a corporate network.

Zimperium, the company who discovered the DoubleDirect attacks in-the-wild last year, said in a blog post, "We've observed the DoubleDirect ICMP attack in-the-wild in over 30 countries. Unlike most ICMP Redirect MITM implementations which are only half-duplex (except for InterceptNG's project), DoubleDirect allows full-duplex MITM. An attacker can then fully intercept the communication from both the victim and the gateway."

The apple watch users are advised to update watchOS to the latest version via a trusted network - definitely not on a public or unmanaged corporate network.

No comments

Powered by Blogger.