Apple Watch Series 1 and later Missing Authorization Vulnerability

Summary

A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.

Credit:

The information has been provided by Peter Scott.

The original article can be found at https://support.apple.com/HT211103


Details

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4, iPadOS 13.4, and watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.

Vulnerable Systems:

Apple Watch Series 1 and later

CVE Information:

CVE-2020-3891

Disclosure Timeline:

Published Date: 04/08/2020
