Apple fixes 38 security issues in its recent 2.0 release

Sep 22, 2015 02:50 GMT  ·  By

Yesterday, Apple released version 2.0 of its watchOS, the operating system that powers all those cool watches rich people get to wear while playing golf.

The operating system was actually supposed to come out a week earlier, but according to online reports, it was delayed due to a series of bugs, which later turned out to be security-related.

Taking a closer look at the security bulletin that accompanied the watchOS 2.0 release, we see that Cupertino engineers fixed no less than 38 vulnerabilities in their software, by far the biggest security-related update in the product's short history.

Some of the most critical bugs included 12 vulnerabilities that allowed for arbitrary code execution, one which could enable an attacker to track the user's activity, and one that could intercept SSL/TLS connections.

There were also security fixes that addressed bugs that leaked transaction information in Apple Pay, some DoS (Denial of Service) issues, and one bug that allowed attackers with physical access to the watch to read data from the cache.

The changelog also included a dyld issue that allowed an application to bypass code signing, and a few bugs in the IOAcceleratorFamily, one of which let a malicious app determine kernel memory layout.

The last time the watchOS received so many security patches was in May 2015, but not as many as it did yesterday with version 2.0.