Pebble Firmware
Monthly
CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.