Le Lézard
Classified in: Science and technology
Subject: Product/Service

Approov Identifies and Addresses Apple Watch Security Issues


Approov, the leader in mobile security, today revealed new data indicating that watches, wearables and new devices are now the weakest link in the mobile app threat landscape.

Key findings include:

The findings were released in today's Approov blog "Approov Addresses Apple Watch Security Issues" at this link: https://approov.io/blog/apple-watch-security-issues

Apple and MIT recently published a study indicating that 2.6 billion personal records were exposed through data breaches over the last two years. These findings underscore the need for protecting data in the cloud through mobile attestations and improved API security.

Approov, a trailblazer in mobile app and API security, addresses this threat directly with Release 3.2. The release introduces groundbreaking features, including the first commercially available App Attestation Solution for Apple WatchOS to provide API Protection against emerging threats.

The release also includes Harmony OS support and deployment of extended global Points of Presence (PoPs), and improved ease of deployment and administration.

Approov's Runtime Application Self Protection (RASP) defenses are also strengthened by extending threat detections to include the latest versions of tools used by hackers to attack apps and APIs.

"The newly released Apple Watch Series 9 and Ultra 2 will certainly be the gift of choice this Christmas. However, as watches and wearables proliferate and communicate directly with backend APIs, attack surfaces are exposed on these devices," said Approov CEO Ted Miracco. "You are as strong as your weakest link and taking care of mobile app security is worthless if an attacker finds a path from a wearable to your APIs and exposes you to potential data loss, malware injection, Man-in-the-Middle attacks, credential stuffing or DDoS attacks."

The danger is real: In September, Citizen Lab found an actively exploited zero-click Apple vulnerability which was used to deliver NSO Group's Pegasus mercenary spyware. Apple acknowledged the threat to all their devices, issuing a specific WatchOS Security briefing (https://support.apple.com/en-mide/106360) on November 9 concerning a vulnerability in Apple Wallet on WatchOS. Apple quickly released a fix but acknowledged that "A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited".

Approov now extends all the protections available on mobile apps to WatchOS. Approov support of WatchOS allows direct registration of WatchOS apps and ensures API protection against malicious traffic that is communicating directly from the watch to the cloud. WatchOS support is added to the existing support for Android Wearable Devices (which has been available since Version 3.0)

Approov Adds Huawei HarmonyOS Support: A Global Imperative

As a widely adopted operating system in regions such as China, India, the Middle East, and Africa, HarmonyOS plays a crucial role in the global mobile ecosystem. Recognizing the prevalence of this platform, Approov now ensures that mobile applications operating on Huawei devices are seamlessly integrated into our attestation services.

Approov attestation services traditionally supported Android and iOS devices, but the inclusion of Huawei HarmonyOS significantly broadens our platform coverage. This expansion is vital to offering a truly global solution, as any unattested mobile application poses a potential risk to API security, regardless of its geographical origin.

In collaboration with Cylab-Africa, Approov reinforces its commitment to a global solution for mobile app security. Version 3.2 extends support for Huawei app store deployments, catering to developers worldwide.

Enhanced High-Performance Worldwide Coverage

Approov expands its global network with new Points of Presence in São Paulo, Brazil and Singapore. These additions, coupled with existing points of presence (PoPs) in Europe (Dublin) and North America (California), create a worldwide low-latency mobile attestation network.

"At Approov, we understand that our global customer base requires the highest-performing mobile attestation network. Our expanding customer base in South America and the Asia Pacific region demands not just security but performance. Our commitment to providing superior security solutions wherever our customers operate is essential to protection against an evolving mobile threat landscape." - Theodore A. Miracco, CEO, Approov Inc.

This move bolsters Approov's commitment to achieving new levels of security by mitigating bot attacks, Man-in-the-Middle (MitM) attacks, account takeover (ATO) and other threats to mobile APIs, thus ensuring optimal performance and reducing fraud and data breaches.

New Threats are Addressed

The new release also boosts Approov's RASP feature set to include new countermeasures against emerging and evolving threats. This includes significant hardening improvements to the SDK, including static and dynamic anti-tamper measures. Additionally, Approov's ThreatLabs have developed further Android based detections for DobbyHook, Magisk, Zygisk, and Zygisk-Frida to fortify defenses against these advanced hacker tools. These changes augment the comprehensive suite of detections that are already implemented. In addition, the dynamic security-policy update facility will be used to improve the detection capabilities of existing deployed apps that currently use Approov's previous SDKs.

Increased Ease of Use for DevOps/Developers

Approov continues to focus on easing the security burden for developers, DevOps and DevSecOps teams. New features simplify app registration and management, providing an automated and streamlined integration experience. The elimination of the need for individual app registrations and the introduction of tools for managing different app versions reduce complexity. Approov also enhances the registration of developer devices for testing, ensuring a secure and efficient device farm testing process.

Approov Mobile App and API Security Software Release 3.2 reaffirms the Company's commitment to continued innovation in order to ensure there are no weak links for its customers.

Upgrades to Approov Version 3.2 will be included as part of Approov's Software-as-a-Service Mobile Security platform. New customers can embrace the future of mobile app and API security by starting a free 30-day trial by registering at Approov.io. For more information, visit Approov.io or follow on X.com @approov_io.


These press releases may also interest you

at 03:25
With both institutional and individual investors looking to semi-liquid strategies for diversification and customization, EQT broadens portfolio with the introduction of EQT Nexus InfrastructureEQT Nexus Infrastructure offers exposure to EQT's...

at 03:22
Saviynt, a leading provider of cloud-native identity governance solutions, today announced the appointment of Sunil Kedaraji as Vice President of Partner Sales for APJ (Asia-Pacific and Japan). This strategic hire reflects Saviynt's commitment to...

at 03:20
Sinch (Sinch AB (publ)) ? (XSTO: SINCH), which is pioneering the way the world communicates through its digital Customer Communications Cloud today announced a strategic partnership with Aduna, a new venture formed by Ericsson  and some of the...

at 03:09
Report on how AI is redefining market landscape - The robotic process automation (RPA) market and it is set to grow by USD 40.56 billion from 2025 to 2029. However, the growth momentum will progressing at a CAGR of over 42.1% during the forecast...

at 03:05
EdgeConneX®, a pioneer in global Build-to-Suit and Build-to-Density data center solutions, is proud to announce a three-year sponsorship agreement with Lucan Sarsfields GAA Club. This partnership will directly support the Senior Camogie and...

at 03:05
Usercentrics, the leading European privacy tech company, has announced that it has surpassed 100,000 paying B2B customers as brands embrace privacy-first strategies to meet regulations and respond to evolving consumer expectations. With nearly 80%...



News published on and distributed by: