Apple published another security update on Friday night. This time the Apple Watch computer clock is affected. She received update 7.6.1, which, according to the company, is an “important security update”. In fact, it is a fix for a bug that was fixed on Mac, iPhone and iPad three days ago. Why the Apple Watch had to wait here remains unclear. A tvOS version – that would be the last remaining platform of the group with a visible user interface – of the fix does not yet exist.
Same bug all over again
Noisy Apple’s information watchOS 7.6.1 fixes a bug in the central routine IOMobileFrameBuffer. According to reports to Apple, this is already being actively exploited and is treacherous because it allows attackers to execute arbitrary code with kernel privileges – through an app that is already available on the device. The bug itself is a memory bug. Exploit code and further explanations of an IT security expert who apparently drew attention to the problem in March already exist. Strangely enough, Apple only mentions an “anonymous security researcher” as the source. watchOS updates are imported directly via the computer clock (system settings) or via the iPhone.
It is still being determined whether the IOMobileFrameBuffer problem could be at least part of the exploit chain of the highly problematic spyware Pegasus, of which it is still not clear whether Apple has finally fought it. However, the release of the patches for only one vulnerability at a time shows how seriously the bug is to be taken. Accordingly, users should urgently install the update.
User doesn’t notice anything
Pegasus is a so-called zero-click attack that is apparently carried out via iMessage and Apple Music. Users do not have to do anything else to become infected – that is, they do not have to click on a link or “consciously” capture malicious code in any other way. Experts consider this to be highly problematic. You have already asked Apple to rewrite important program parts in the operating system in order to put a stop to such bugs.
It is still unclear whether the IOMobileFrameBuffer error also affects older macOS versions; Apple has not yet provided corresponding updates for Catalina or Mojave.