Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Stupid question: I use Apple Watch SE 2020…

iHorseHead

iHorseHead

macrumors 68000
Original poster
Jan 1, 2021
1,651
2,047
Hello,
I use Apple Watch SE 2020 and now that Apple will drop the support for it, what would it really mean to me? I use it to monitor my sleep and heartbeat and tell time and to unlock my Mac. Why would I need security updates on my watch? Why are people so concerned about it? Should I be worried about something or I can keep using it till it dies?
 
Apple doesn't typically stop providing security update for the current OS on the release of a new OS. Lots of scaremongering at the moment but it's highly likely you'll get at least another year of security updates.
 
  • Like
Reactions: mgscheue
Howard2k said:
Apple doesn't typically stop providing security update for the current OS on the release of a new OS. Lots of scaremongering at the moment but it's highly likely you'll get at least another year of security updates.
Click to expand...
But why should I even care about security updates on a watch?
 
You have health related data, keys, unlock your Mac, wallet,… so I think it’s worth keeping security updates. In general support for security updates is left for a while. AW3 was sold as new at least until they declared they’d drop support for the next OS version.
 
  • Like
Reactions: mgscheue, iHorseHead and Howard2k
Nothing is likely to happen. Be sure to set up your passcode. That way only you can open it. You should get security updates for another year or two. It's two years with iPhone. You'll be fine.
 
  • Like
Reactions: iHorseHead
cubodado said:
You have health related data, keys, unlock your Mac, wallet,… so I think it’s worth keeping security updates. In general support for security updates is left for a while. AW3 was sold as new at least until they declared they’d drop support for the next OS version.
Click to expand...

Agreed. Possibly contacts, photos, audio notes, location information of your other devices, emails too. There's potentially a lot of data on these little things, depending how they're configured.
 
iHorseHead said:
But why should I even care about security updates on a watch?
Click to expand...
Yea, it's not like someone that had compromised the security of your watch could potentially pinpoint your location 24/7, intercept your two-factor login codes, read SMS or email responses to password reset requests, perform Apple Pay transactions or anything like that. o_O
 
Bichon said:
Yea, it's not like someone that had compromised the security of your watch could potentially pinpoint your location 24/7, intercept your two-factor login codes, read SMS or email responses to password reset requests, perform Apple Pay transactions or anything like that. o_O
Click to expand...
I sense sarcasm but has something like this happened? So the Apple Watch 3 is very vulnerable?
 
iHorseHead said:
I sense sarcasm but has something like this happened? So the Apple Watch 3 is very vulnerable?
Click to expand...
Read the release notes from some of the WatchOS security updates, and you'll often see Apple say they are aware that an vulnerability in their code has been actively exploited.

For example, https://support.apple.com/en-ca/103149

====

watchOS 7.6.2​

Released September 13, 2021
CoreGraphics

Available for: Apple Watch Series 3 and later

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30860: The Citizen Lab
====

Okay, maybe not the best example, as I doubt many people open a PDF on their watch, but I just grabbed the first one I found that enables the bad guy to get arbitrary code execution, which means a successful attacker can run what he wants. Chances are, if you're not a journalist, public figure, CEO, etc. your chance of being a victim is pretty low, but you asked why you should be concerned about security updates, and I pointed out some of the things that a bad guy performing a successful exploit could potentially steal.
 
  • Like
Reactions: mgscheue
Bichon said:
Read the release notes from some of the WatchOS security updates, and you'll often see Apple say they are aware that an vulnerability in their code has been actively exploited.

For example, https://support.apple.com/en-ca/103149

====

watchOS 7.6.2​

Released September 13, 2021
CoreGraphics

Available for: Apple Watch Series 3 and later

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30860: The Citizen Lab
====

Okay, maybe not the best example, as I doubt many people open a PDF on their watch, but I just grabbed the first one I found that enables the bad guy to get arbitrary code execution, which means a successful attacker can run what he wants. Chances are, if you're not a journalist, public figure, CEO, etc. your chance of being a victim is pretty low, but you asked why you should be concerned about security updates, and I pointed out some of the things that a bad guy performing a successful exploit could potentially steal.
Click to expand...
You're right. This isn't the best example. I meant myself specifically. I don't really have anything important and no money either.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back