Apple has released watchOS 7.6.1 for Apple Watch Series 3 and later models. The new update contains an important security fix that may have been actively exploited by hackers. This update comes in just a few days after Apple released iOS 14.7.1, iPadOS 14.7.1 and macOS Big Sur 11.5.1 with the same security patch.
watchOS 7.6.1 fixes security flaw possibly used by Pegasus spyware
watchOS 7.6.1 is a minor release compared to watchOS 7.6, which was released with support for ECG and Irregular Rhythm Notifications in 30 new regions. This new minor update just contains a security patch for IOMobileFrameBuffer which is a kernel extension responsible for managing the screen framebuffer. As per Apple’s release notes, this flaw would allow applications to execute code with kernel privileges which is as dangerous as it sounds.
IOMobileFrameBuffer
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30807: an anonymous researcher
The issue was actively exploited, and as we previously covered, the flaw was used by NSO’s Pegasus spyware. This spyware was recently in the news for its use for hacking journalists, human rights activists, and government officials around the world. The issue not only impacted watchOS and other Apple operating systems but it was also used to hack Android devices.
Due to the severity of this issue, it is recommended that users immediately upgrade to the new watchOS software update. To update your Apple Watch, place it on its charger and make sure it has at least 50% charge. On the connect iPhone, go to Watch app > General > Settings > Software Update to download and install the new version.
All eyes are now on watchOS 8 which is currently in beta testing. Check out our ongoing coverage of watchOS 8 below: