Apple watchOS - Remote Crash Exploit

vendor:

watchOS

by:

Mohammad Reza Espargham

8,8

CVSS

HIGH

Remote Crash Exploit

N/A

CWE

Product Name: watchOS

Affected Version From: watchOS on IOS 9.0.1

Affected Version To: watchOS on IOS 9.0.1

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: IOS

2015

Apple watchOS – Remote Crash Exploit

By setting an alarm with 5000 x “0” in the Clock app, the watchOS on IOS 9.0.1 will crash when the alarm rings.

Mitigation:

N/A

Source

Exploit-DB raw data:

#[+] Title:  Apple watchOS - Remote Crash Exploit
#[+] Product: Apple
#[+] Vendor: www.apple.com
#[+] SoftWare Link : www.apple.com/watchos-2/
#[+] Vulnerable Version(s): watchOS on IOS 9.0.1
#
#
# Author      :   Mohammad Reza Espargham
# Linkedin    :   https://ir.linkedin.com/in/rezasp
# E-Mail      :   me[at]reza[dot]es , reza.espargham[at]gmail[dot]com
# Website     :   www.reza.es
# Twitter     :   https://twitter.com/rezesp
# FaceBook    :   https://www.facebook.com/reza.espargham


#  1. open your phone Clock / goto Alarm
# 2. add alarm / set time [for example two minutes later]
# 3. click label /  input 5000 x “0"
# 4. Save
# 5. Lock Your phone and wait for alarm
# 6. When the alarm clock rings / Watch Crashed ;)