Google issues patches for flaws in Pixel Watch, including one critical
Take action: If you are using Google Pixel Watch, time to learn more: The vulnerabilities can be exploited locally, so an attacker needs access to your device. Nevertheless, it's wise to update the watch, since it's possible that other vulnerabilities will be chained with these and create a remote exploit.
Learn More
Google has released a set of security patches for its Pixel Watch that merit immediate update. Among the vulnerabilities addressed are:
- CVE-2023-48418 (CVSS3 score 10), a critical flaw in the google_clockwork component allowing privilege elevation through an insecure default value in DeviceVersionFragment.java. This vulnerability enables adb access prior to the Setup Wizard's completion, facilitating local privilege escalation without user interaction.
- CVE-2023-4164 (CVSS3 score 8.4), a potential information disclosure due to a missing permission check. The consequence of this flaw is the potential local disclosure of sensitive health data stored on the device, without the need for additional execution privileges.
Google strongly advises users to update their devices to the December 2023 security patch level, emphasizing the importance of cybersecurity in protecting personal data and device integrity.
