Fitbit is currently distributing several updates for various models, all of which focus on fixing important or critical security problems. Initially, the company issued Fitbit OS 5.3.1 for the Sense and Versa 3, which Fitbit described as including 'bug fixes, improvements, and an important security update'. Supposedly, the latter fixes a vulnerability that 'could compromise data security and allow access to confidential or sensitive data', if exploited.
However, Fitbit notes that the vulnerability cannot lead to full code execution. 9to5Google adds that the update brings no noticeable changes. Meanwhile, Fitbit has started issuing v1.100.76 for the Charge 4, which includes the following changelog:
The security update patches a vulnerability that, if exploited, could allow attacker-supplied code to gain unrestricted access and potentially go undetected by the customer.
We recommend that you apply a critical update immediately.
Moreover, Fitbit has included the same warning for the latest Ace 3 and Inspire 2 updates, which arrive as 1.134.76 and 1.124.76, respectively. For some reason, Fitbit has not provided any details about the vulnerability. Also, it is a shame to see Fitbit leaving other bugs on the table, such as the Bluetooth synchronisation issues that affect the Sense and Versa 3 after the paired smartphone is upgraded to Android 13.
Source(s)
Fitbit via 9to5Google