Apple Gives Watch Series 3 Users False Sense of Security, Patching 1 Vulnerability

Jun 18, 2024

This week, Apple released watchOS 8.8.1, an unexpected security update for the Apple Watch Series 3. This was the first security update compatible with the Series 3 in 11 months, since July 2022.

This is something of a big deal, though not for the reason you might think. That Apple fixed a vulnerability is unquestionably a good thing.

But that is just it: Apple fixed one, single, solitary vulnerability. Apple has once again set a precedent of giving customers a false sense of security by releasing incomplete patches. Here is the whole story that Apple doesn't want you to know.

What’s the Back Story with watchOS 8 and Apple Watch Series 3?

For reasons that Apple has never disclosed, the Apple Watch Series 3 is the only model stuck on watchOS 8; the Series 4 and later watches are compatible with the latest watchOS 9 updates. Apple's decision not to support watchOS 9 on the Series 3 was perplexing.

The company kept selling this watch model in the main section of its online store until five days before the release of watchOS 9. Keep in mind, this was three months after the June 2022 WWDC, when Apple quietly revealed that the Series 3 wouldn't be compatible with watchOS 9, yet Apple continued to feature the watch prominently in its online store for three more months.

Even after watchOS 9 was released and Apple removed the Apple Watch Series 3 from the main section of its online store, Apple continued to sell refurbished units of the Series 3 for an additional eight months, until March 2023.

During this entire time that Apple kept selling the Series 3, Apple released exactly zero security updates for it, despite there being known "actively exploited" vulnerabilities affecting watchOS 8.

It's really a wonder that Apple has not been sued for gross negligence. Apple knowingly left its customers vulnerable, and knowingly kept selling a device with vulnerabilities that were being exploited in the wild.

Does the Release of watchOS 8.8.1 Mean Apple Has Repented?

So, now that Apple has finally released the first security update for watchOS 8 in nearly a year, does that mean Apple has repented of its sins and made things right for Series 3 watch owners?

What we actually got with watchOS 8.8.1 was a single fix, for a single vulnerability. Yes, it was an actively exploited vulnerability, and that is a big deal, since it means it was confirmed to have been used in real attacks.

However, it will not be clear to Apple Watch Series 3 users that all the other vulnerabilities that have remained unaddressed for the past 11 months are still there. They'll see the watchOS 8.8.1 update, notice that it says it's a security update, and install it. And they won't think twice about it.

They'll continue to be unaware that their watches are still highly vulnerable. They won't know that they still haven't received patches for the two actively exploited vulnerabilities that Apple addressed only for watchOS 9.0, not to mention the many other vulnerabilities in that update, and the dozens since then that probably also affect watchOS 8.

If you purchased a brand-new Series 3 from Apple at the beginning of June 2022 (just before Apple quietly revealed, on an obscure page of its website, that the Series 3 wouldn't support watchOS 9 in just three months, with no indication that you'd be cut off from security updates before then too), or purchased a brand-new Series 3 from Apple at the beginning of September 2022 (just days before the release of watchOS 9, because Apple didn't make it clear to you that it wouldn't be compatible and that you wouldn't get security updates any longer), or purchased a refurbished Series 3 from Apple in March 2023 (unaware that it was already 8 months past its last security update), I truly feel for you, and I am sorry that Apple has wronged you and violated your trust in this way.

If you feel that Apple has treated you unfairly, I hope that somehow someone at Apple will find a way to make it up to you in a satisfactory manner. But chances are that you, dear Series 3 user, aren't even reading this article, and you may never know any better.

Also, chances are that, like my article back in the spring, this will get no coverage from the mainstream media, and little to no coverage from the tech news press or the small outlets that cover Apple news. And chances are that very few people will ever know about this, and Apple won't feel any obligation to actually make things right.

After all, who cares about a giant mega-corporation, with more cash on hand than any other in the world, knowingly putting its paying customers at serious personal risk of having their data stolen, their devices hacked, and their privacy violated? Surely there aren't any consumer protection laws against things like this. And anyway, everyone knows that Apple is always the good guy.

Has Apple Ever Done Anything Like This Before?

Apple has committed similar sins before, although past instances were not quite as egregious.

Apple's History of Discontinuing Security Updates for Recently Sold Hardware

A couple of notable examples of hardware that Apple cut off from security updates shortly after their last date of sale were the iPod touch (6th generation) in 2019 and the iPod touch (7th generation) in 2022.

Apple discontinued the 6th gen only a short time before WWDC 2019, when the company quietly revealed that the 6th gen wouldn't support iOS 13, which would be released three months later.

Apple did nearly the same thing when it discontinued the 7th gen (the last iPod touch model) a few weeks before WWDC 2022, when the company quietly revealed that the 7th gen wouldn't support iOS 16, which would be released three months later.

Apple’s History of Providing Incomplete Patches for Older OS Versions

Setting aside cases where Apple dropped support for recently sold hardware, Apple routinely gives a false sense of security to Mac, iPhone, and iPad users by providing only select, hand-picked security updates for previous versions of macOS, iOS, and iPadOS, respectively.

I've written and spoken about this extensively over the past few years; see for example my October 2021 article, "Apple's Poor Patching Policies Potentially Make Users' Security and Privacy Precarious."

As I note in that article, Apple sometimes even neglects to patch actively exploited vulnerabilities for previous OS versions, knowingly leaving users vulnerable to in-the-wild exploits, unbeknownst to them.

This is a real problem, because users with old hardware that is incompatible with the latest (and fully patched) OS, and users who simply don't feel they need to upgrade and put it off for whatever reason, will mistakenly think they're getting all security updates, when in fact their devices remain vulnerable to many exploitable bugs that attackers can use to compromise their security and privacy.

Apple should either patch all vulnerabilities that are applicable to previous OS versions, or none; or, if it's going to pick and choose, Apple should give frequent, clear warnings to users who stay behind on an old OS.

Apple's current practices mislead users of older OS versions into believing they're just as safe as if they were running the current major OS, which is far from the truth.