A critical vulnerability in Google Messages for Wear OS, identified as CVE-2025-12080, allows malicious applications to send SMS messages from users’ smartwatches without their consent, as reported by security researcher Gabriele Digregorio. This flaw arises from the improper configuration of intent handlers, which bypass typical security measures, exposing users to potential financial fraud and account takeovers. Google has issued security updates to address the vulnerability, urging users to update their devices immediately. The incident highlights the need for rigorous security assessments of messaging applications, underscoring the risks associated with platform-specific implementations that can undermine established security protocols.