It's 2015 and a text file can hack your Apple Watch. IS THIS THE FUTURE YOU WANTED?
It's not the future we wanted
Five days after delaying the release of watchOS 2, Apple has posted an update for its smartwatch operating system.
The watchOS 2 update introduces native apps for the Apple Watch, a new set of privileges that gives developers previously limited to iOS applications access to the Watch's microphone, speaker, and both the HealthKit and HomeKit APIs.
The update also brings the addition of new Watch faces, including a set of time-lapse images set to change throughout the day, and a new "nightstand" mode to display a clock face while the Watch is charging at night.
Other new features include the "Time Travel" feature – to view upcoming appointments by turning the Digital Crown (read: dial) on the Watch to move the clock ahead – and support for new Mail, Transit, Apple Pay, and Siri apps on the Watch.
The watchOS 2 update also brings a hefty load of security fixes, addressing 37 CVE-listed flaws in total. Among the flaws Apple patched are remote code execution flaws that could be exploited by a malicious web page, text file, or audio file.
Other security fixes address a data disclosure flaw in Apple Pay that lets a terminal view recent transactions even when no purchase is made, and a flaw in CoreCrypto potentially allowing an attacker to decrypt a user's private key. Other patched vulnerabilities could allow an attacker with physical access to the Watch to view application data or kernel memory data, while another kernel flaw would allow a malicious application to run with kernel privileges.
Many of the security issues in the watchOS 2 update were addressed in iOS devices with last week's release of iOS 9: watchOS is based on iOS, so bugs in the latter have made their way into the former.
Apple had planned to release watchOS 2 along with iOS 9 last week on September 16. That release was pushed back, however, when Apple was unable to work out bugs in the firmware update in time.
Users can install the update through the Watch app on their paired iOS device, though installing watchOS 2 also requires updating the iOS device to iOS 9.
• Adobe, meanwhile, has posted an update of its own to address 23 flaws in Flash Player for Windows, OS X, and Linux. Adobe said that the patch includes fixes for remote code execution flaws, though no active attacks have been reported in the wild. ®