Apple fixes bug that lets attackers execute malicious code via TIFF file


Apple has released a patch in its latest round of updates for a vulnerability that allows malicious code in a TIFF file to be executed when the file is delivered via MMS or iMessage. An attacker can then steal personal information.

The bug can also be exploited via an attachment or Safari. For the latter, it is only necessary to visit a site that hosts the malicious code. According to Cisco Talos security researcher Tyler Bohan, running the code requires no further interaction with the site other than the visit.

The code is executed by applications that use the Apple ImageIO API. According to the researcher, the API is used for all actions with images on OS X, along with rendering images for Preview and Safari.

On the website of business magazine Forbes, Bohan describes the bug as “extremely critical” because the code in an MMS is executed without further interaction. In terms of possible exposure, he says, it is comparable to the Android Stagefright bug.

The bug is tracked as CVE-2016-4631. In the latest update from Apple, the company fixes several bugs related to image processing. Images in the EXR format can cause the same problems as TIFF files.

iOS users should update to version 9.3.3 to get rid of potential issues; OS X users should update to 10.11.6.
