Update ASAP! Apple Patches Serious Remote Code Execution Vulnerability In iDevices And Macs

If you’re one of those folks who lollygags around when it comes to updating your iPhone to the latest version of iOS, you might want to rethink that strategy. Apple released iOS 9.3.3 last week, and tucked inside the software update were some operating system tweaks and the usual bevy of security patches.


One security patch in particular fixed a rather nasty vulnerability that can leave your Apple device open to attackers using a simple iMessage. The exploit allows an attacker to send a seemingly innocent TIFF image file via iMessage that actually contains a rather malicious payload. Cisco Talos describes the severity of the exploit, writing:

When rendered by applications that use the Image I/O API, a specially crafted TIFF image file can be used to create a heap based buffer overflow and ultimately achieve remote code execution on vulnerable systems and devices. This vulnerability is especially concerning as it can be triggered in any application that makes use of the Apple Image I/O API when rendering tiled TIFF images.

According to Cisco Talos, not only are iMessages vulnerable, but MMS, email messages and webpages that take advantage of Apple’s Image I/O API could also be used to deliver this TIFF exploit. This all sounds strikingly similar to the Stagefright exploit that dogged millions of Android devices around the globe. However, there’s one critical difference between this new iOS exploit and Stagefright: the speed with which an update is provided.
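The Cisco Talos description above names the bug class (a heap-based buffer overflow reached through a crafted tiled TIFF) but not the internals of the Image I/O flaw, and this article does not either. The following is an added example, not code from the page, from Apple or from Cisco Talos: it shows how a TIFF decoder's tile-size arithmetic can wrap and under-allocate a heap buffer, beside a hardened computation that bounds-checks the IFD, validates the tile geometry against the TIFF 6.0 rules and detects the overflow. The tag numbers and field types are from the TIFF 6.0 specification; the 256 MiB per-tile cap and the two sample files are constructed for this example, and the whole thing is an illustration of the bug class rather than a reconstruction of the Apple vulnerability.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Tag numbers and field types from the TIFF 6.0 specification. */
enum { TAG_IMAGE_WIDTH = 256, TAG_IMAGE_LENGTH = 257, TAG_BITS_PER_SAMPLE = 258,
       TAG_SAMPLES_PER_PIXEL = 277, TAG_TILE_WIDTH = 322, TAG_TILE_LENGTH = 323 };
enum { TYPE_SHORT = 3, TYPE_LONG = 4 };

/* Policy cap on a single decoded tile: an assumption for this example, not an Apple value. */
#define MAX_TILE_BYTES (256u * 1024u * 1024u)

typedef struct {
    uint32_t image_width, image_length, tile_width, tile_length;
    uint32_t bits_per_sample, samples_per_pixel;
} tiff_geom;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse the first IFD of a little-endian ("II") TIFF and collect the tile geometry.
   Every offset is checked against len before it is dereferenced. Returns 0 on success, -1 on a malformed file. */
int tiff_parse_tile_geometry(const uint8_t *buf, size_t len, tiff_geom *g) {
    memset(g, 0, sizeof *g);
    if (len < 8 || buf[0] != 'I' || buf[1] != 'I' || rd16(buf + 2) != 42) return -1;
    uint32_t ifd = rd32(buf + 4);
    if (ifd > len || len - ifd < 2) return -1;
    uint16_t n = rd16(buf + ifd);
    if ((len - ifd - 2) / 12 < n) return -1;          /* all entries must lie inside the buffer */
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + (size_t)i * 12;
        uint16_t tag = rd16(e), type = rd16(e + 2);
        uint32_t val;
        if (rd32(e + 4) != 1) continue;                /* only single-value entries matter here */
        if (type == TYPE_SHORT) val = rd16(e + 8);      /* SHORT and LONG values are stored inline */
        else if (type == TYPE_LONG) val = rd32(e + 8);
        else continue;
        switch (tag) {
        case TAG_IMAGE_WIDTH:       g->image_width = val;       break;
        case TAG_IMAGE_LENGTH:      g->image_length = val;      break;
        case TAG_TILE_WIDTH:        g->tile_width = val;        break;
        case TAG_TILE_LENGTH:       g->tile_length = val;       break;
        case TAG_BITS_PER_SAMPLE:   g->bits_per_sample = val;   break;
        case TAG_SAMPLES_PER_PIXEL: g->samples_per_pixel = val; break;
        default: break;
        }
    }
    return 0;
}

/* The bug class: the tile buffer size is multiplied in 32 bits and silently wraps, so a decoder
   that allocates this many bytes and then writes a full tile into it overflows the heap. */
uint32_t naive_tile_bytes(const tiff_geom *g) {
    return g->tile_width * g->tile_length * g->samples_per_pixel * (g->bits_per_sample / 8);
}

/* Hardened form: reject geometry the spec forbids, multiply with overflow detection, and refuse
   tiles beyond the policy cap. Samples narrower than 8 bits are out of scope for this example. */
bool checked_tile_bytes(const tiff_geom *g, size_t *out) {
    if (g->tile_width == 0 || g->tile_length == 0) return false;
    if (g->tile_width % 16 != 0 || g->tile_length % 16 != 0) return false; /* TIFF 6.0 tile rule */
    if (g->samples_per_pixel == 0 || g->bits_per_sample == 0 || g->bits_per_sample % 8) return false;
    uint64_t bytes;
    if (__builtin_mul_overflow((uint64_t)g->tile_width, (uint64_t)g->tile_length, &bytes) ||
        __builtin_mul_overflow(bytes, (uint64_t)g->samples_per_pixel, &bytes) ||
        __builtin_mul_overflow(bytes, (uint64_t)(g->bits_per_sample / 8), &bytes)) return false;
    if (bytes > MAX_TILE_BYTES) return false;
    *out = (size_t)bytes;
    return true;
}

/* Constructed sample files (not real captures): a minimal 86-byte little-endian TIFF with one IFD. */
static void put16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void put32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (v >> (8 * i)) & 0xff; }
static void put_entry(uint8_t *p, uint16_t tag, uint16_t type, uint32_t val) {
    put16(p, tag); put16(p + 2, type); put32(p + 4, 1);
    if (type == TYPE_SHORT) { put16(p + 8, (uint16_t)val); put16(p + 10, 0); } else put32(p + 8, val);
}
size_t build_tiff(uint8_t *out, uint32_t tw, uint32_t tl) {
    size_t o = 0;
    out[o++] = 'I'; out[o++] = 'I'; put16(out + o, 42); o += 2; put32(out + o, 8); o += 4;
    put16(out + o, 6); o += 2;                          /* six IFD entries follow */
    put_entry(out + o, TAG_IMAGE_WIDTH, TYPE_LONG, 64); o += 12;
    put_entry(out + o, TAG_IMAGE_LENGTH, TYPE_LONG, 64); o += 12;
    put_entry(out + o, TAG_BITS_PER_SAMPLE, TYPE_SHORT, 8); o += 12;
    put_entry(out + o, TAG_SAMPLES_PER_PIXEL, TYPE_SHORT, 1); o += 12;
    put_entry(out + o, TAG_TILE_WIDTH, TYPE_LONG, tw); o += 12;
    put_entry(out + o, TAG_TILE_LENGTH, TYPE_LONG, tl); o += 12;
    put32(out + o, 0); o += 4;                          /* no further IFDs */
    return o;
}

/* hostile=false: sane 16x16 tiles; hostile=true: 65536x65536 tiles, whose byte count is exactly 2^32. */
static bool load_sample(bool hostile, tiff_geom *g) {
    uint8_t buf[128];
    size_t len = build_tiff(buf, hostile ? 65536u : 16u, hostile ? 65536u : 16u);
    return tiff_parse_tile_geometry(buf, len, g) == 0;
}
uint32_t naive_size(bool hostile) {
    tiff_geom g; return load_sample(hostile, &g) ? naive_tile_bytes(&g) : UINT32_MAX;
}
bool hardened_accepts(bool hostile) {
    tiff_geom g; size_t n; return load_sample(hostile, &g) && checked_tile_bytes(&g, &n);
}

int main(void) {
    for (int h = 0; h < 2; h++)
        printf("%s sample: naive size = %u bytes, hardened check %s\n", h ? "hostile" : "benign",
               naive_size(h), hardened_accepts(h) ? "accepts" : "rejects");
    return 0;
}
```

The hostile sample is the point: its tile dimensions are individually plausible and spec-conformant (multiples of 16), yet the 32-bit product is 0, so a decoder built on `naive_tile_bytes` would allocate nothing and then copy a tile's worth of pixel data into the heap. The hardened path never trusts a product it has not overflow-checked and never trusts a size it has not capped, which is the general shape of the fix for this bug class regardless of the image format.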

In the case of Stagefright, it took a while for OEMs to begin pushing out updates to squash the bug (and some older devices never received an update). iOS, on the other hand, has a rather streamlined update process and users tend to take better advantage of the built-in software update mechanism.

Software updates that ward off this TIFF exploit are available across all of Apple’s operating systems including iOS (9.3.3), El Capitan (10.11.6), tvOS (9.2.2) and even watchOS (2.2.2). So unless you want to be the victim of a sophisticated hacker, we recommend that you update all of your Apple devices immediately (if you haven’t already done so).

Brandon Hill


Brandon received his first PC, an IBM Aptiva 310, in 1994 and hasn’t looked back since. He cut his teeth on computer building/repair working at a mom and pop computer shop as a plucky teen in the mid 90s and went on to join AnandTech as the Senior News Editor in 1999. Brandon would later help to form DailyTech where he served as Editor-in-Chief from 2008 until 2014. Brandon is a tech geek at heart, and family members always know where to turn when they need free tech support. When he isn’t writing about the tech hardware or studying up on the latest in mobile gadgets, you’ll find him browsing forums that cater to his long-running passion: automobiles.

Opinions and content posted by HotHardware contributors are their own.