The most serious of the bugs is in TIFF image processing, named CVE-2016-4631. Web pages, MMS and iMessages all do this.
Advertisement
TIFF is a useful format, particularly famous among photographers and graphic designers who use it to save the image without losing any of the image’s data. TIFF, however, is the most unsafe in this case because the exploit can be triggered by simply receiving an image.
There’s a new security threat for OS X and iOS that could let attackers remotely control your device or install malware by sending you an image file.
Bitmaps, despite their nearly prehistoric structure, can be exploited to misreport size information and cause an out of bounds memory write, again resulting in code execution when combined with an application using Apple Core Graphics API.
CVE-2016-4631 patches a vulnerability in the way in which the Image Input/Output (I/O) application programming interface (API) parses and handles tiled TIFF image files.
The security gaps were discovered by Tyler Bohan, a researcher with Cisco Talos, a unit of Cisco that works on security. In both instances, the flaw has to do with the way the operating system processes multimedia files. And with that phone number-which is easy enough to find, guess, or just pick randomly-a hacker can access every stored password on the device.
Among the mainstream apps that use Image I/O for rendering is Messages, which automatically attempts to display images.
Being referred to as “Apple Remote Code Execution With Image Files”, this vulnerability can be exploited by hackers to land into iOS, Mac OS X, tvOS, and watchOS systems using The Tagged Image File Format (TIFF).
What’s even more worrying is that the scale of this potential vulnerability is off the charts. According to Apple, 14 per cent of iOS devices run iOS 8 or earlier, the software which the vulnerability is present.
Advertisement
Cisco did not release details of the vulnerability until it was patched by Apple, but you should ensure all your devices are running the latest versions to ensure you are protected.
