Stagefright-like vulnerability discovered on Apple devices, fixed in latest update

Jos


Android's Stagefright vulnerability has been one of the biggest security issues discovered in the operating system: when it was first discovered, nearly a billion devices were potentially at risk, and a device could be infected with a specially crafted text message. Well, it looks like iPhones had their own Stagefright-like bug, and Apple has just issued an update to address it.

The flaw was discovered by Cisco Talos senior researcher Tyler Bohan and affects both iOS and OS X devices. The problem lies in how Apple's software handles TIFF (Tagged Image File Format) files: “When rendered by applications that use the Image I/O API, a specially crafted TIFF image file can be used to create a heap based buffer overflow and ultimately achieve remote code execution on vulnerable systems and devices,” said Talos.

The vulnerability is especially concerning because it can be triggered in any application that makes use of the Apple Image I/O API. This includes iMessages, malicious web pages, MMS messages, email clients and more. What's more, since iMessage automatically renders images on its default settings, an attacker would be able to infect their target as soon as the message is received, without the user knowing or being able to prevent it.

Apple issued fixes for the problem earlier this week, so if you have updated to iOS 9.3.3, tvOS 9.2.2, watchOS 2.2.2, and El Capitan v10.11.6 then you should be fine.

The latest iOS update also fixes memory corruption issues in iOS’ CoreGraphics, and a flaw in FaceTime that could allow people on the same network to cause a relayed call to continue transmitting audio while appearing as if the call had terminated.
