CATEGORIES
home News

Update ASAP! Apple Patches Serious Remote Code Execution Vulnerability In iDevices And Macs

by Brandon HillSaturday, July 23, 2016, 03:11 PM EDT

If you’re one of those folks that lollygags around when it comes to updating your iPhone to the latest version of iOS, you might want rethink that strategy. Apple released iOS 9.3.3 last week, and tucked inside the software update were some operating system tweaks and the usual bevy of security patches.

iPhone 6s Plus

One security patch in particular fixed a rather nasty vulnerability that can leave your Apple device open to attackers using a simple iMessage. The exploit allows an attacker to send a seemingly innocent TIFF image file via iMessage that actually contains a rather malicious payload. Cisco Talos describes the severity of the exploit, writing:

When rendered by applications that use the Image I/O API, a specially crafted TIFF image file can be used to create a heap based buffer overflow and ultimately achieve remote code execution on vulnerable systems and devices. This vulnerability is especially concerning as it can be triggered in any application that makes use of the Apple Image I/O API when rendering tiled TIFF images.

According to Cisco Talos, not only are iMessages vulnerable, but MMS, email messages and webpages that take advantage of Apple’s Image I/O API could also be duped by this TIFF exploit. This all sounds strikingly similar to the Stagefright exploit that dogged millions of Android devices around the globe, however, there’s one critical difference between this new iOS exploit and Stagefright: the speed in which an update is provided.

In the case of Stagefright, it took a while for OEMs to begin pushing out updates to squash the bug (and some older devices never received an update). iOS, on the other hand, has a rather streamlined update process and users tend to take better advantage of the built-in software update mechanism.

Software updates that ward off this TIFF exploit are available across all of Apple’s operating systems including iOS (9.3.3), El Capitan (10.11.6), tvOS (9.2.2) and even watchOS (2.2.2). So unless you want to be the victim of a sophisticated hacker, we recommend that you update all of your Apple devices immediately (if you haven’t already done so).

Tags:  Apple, OS X, ios, (NASDAQ:AAPL), TIFF
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment