This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple watchos |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources High school student and Amnesty International named among bug-finders
Apple has issued a bushel of security updates and warned that three of the flaws it's fixed are under active attack. The three are CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, all of which impact the WebKit browser engine that Apple champions and employs in its Safari browser – and demands be used by other browsers on iOS. CVE-2023-32409 means "A remote attacker may be able to break out of Web Content sandbox." Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill...