Why You Should Update to the Latest iOS, OS X Versions Immediately

HIGHLIGHTS

Cisco's Talos Intelligence security unit found the image-based bug
The bug can be used for undetected remote code execution
Image file formats are tiff, bmp, dae, and OpenEXR

A Cisco researcher has highlighted vulnerabilities in iOS,OS X, tvOS, and watchOS. These operating systems are said to be vulnerable to malware that's been embedded in an image file. The malware, which can allegedly run undetected, allows the attacker to achieve remote code execution on the infected system.

Cisco Talos' Tyler Bohan said that users could receive the file via MMS or email, or even be exposed to it when it's placed on a malicious webpage. The remote code execution vulnerabilities were found in the way Apple operating systems access image data using APIs - specifically, Apple Core Graphics API, Scene Kit, and Image I/O.

Image formats that can be used to exploit these vulnerabilities are tiff (tagged image file format), bmp (bitmap), dae (digital asset exchange), and OpenEXR. While the tiff and bmp formats can infect OS X, iOS, watchOS, and tvOS; OpenEXR and dae can infect only OS X machines.

Luckily for users of the above-mentioned Apple operating systems, the Cupertino-based company has patched all the vulnerabilities in the latest versions - iOS 9.3.3, OS X El Capitan v10.11.6, tvOS 9.2.2, and watchOS 2.2.2. If you are currently running a version older than these, it is highly recommended you update to the latest version to avoid the vulnerabilities.

Bohan on the Talos Intelligence blog post described why the vulnerabilities are especially bad. "Image files are an excellent vector for attacks since they can be easily distributed over Web or email traffic without raising the suspicion of the recipient. These vulnerabilities are all the more dangerous because Apple Core Graphics API, Scene Kit and Image I/O are used widely by software on the Apple OS X platform," he said.

Comments

Hello Moto: A Look Back at Six Classic Moto Phones

12 December 2016 HIGHLIGHTS Motorola was the first company to ship a cellphone Its biggest hit was the Moto RAZR V3 Today, Motorola is a part of Chinese electronics giant Lenovo Recently, we relived the past with Nokia’s most memorable phones of all time. Although there may be a lot of fanboys and fangirls of the Finnish brand, many have equally strong feelings for the daddy of all mobile phone brands - Motorola. Its name will forever be etched in history as the first company to sell a mobile phone - the DyanTAC 8000X - in 1983. Since then, Motorola has been an easily identifiable brand to almost everybody in the world. Its designs were often strikingly unique and at the same time, Motorola phones often gave out a vibe that these devices mean business. Today, we’ve handpicked some of the most memorable Motorola phones we’ve come across. Here are our picks for the six most memorable Motorola phones of all time. 1) Motorola ...

Nokia 6.1 Gets a Price Cut in India Ahead of Next Week's Nokia 6.1 Plus Launch

Dated: 18 August 2018 HMD Global is selling the Nokia 6.1 at a reduced price in India via its official site Highlights Nokia 6.1 seen to get up to a Rs. 1,500 price cut 3GB RAM variant is priced at Rs. 15,499 & the 4GB model costs Rs. 17,499 Nokia 6.1 Plus has been spotted online ahead of its launch Nokia 6.1 Plus is expected to be unveiled in India on August 21 and ahead of the launch, Nokia licensee HMD Global has dropped the price in India of the Nokia 6.1 or Nokia 6 (2018). Launched in India in April, the Nokia 6.1 was globally unveiled at MWC 2018 in February, but had first been launched in China in January. Later in May, HMD Global had launched another variant of the smartphone. Now, both the variants have received up to a Rs. 1,500 price cut in India. Meanwhile, Nokia 6.1 Plus, the global variant of Nokia X6 that was launched in China in May, has now surfaced online with that name. ...

Sri Lanka Police Arrest Teen for Hacking President's Website to Postpone ExamAgence

30 August 2016 Sri Lanka's police Monday arrested a 17-year-old teenager for hacking into President Maithripala Sirisena's official website and posting a message calling for the postponement of A-level examinations. The unnamed boy was taken into custody under the Computer Crimes Act and on conviction faces a fine of LKR 300,000 ($2,000) and up to three years in jail. "We traced the hack to his home in Kadugannawa," a police official said referring to a town about 100 kilometres (62 miles) east of the capital Colombo. "The website was crippled over the weekend after the attack." On Monday, the president's official site was up and running again. The attacker had removed the home page of the website and replaced it with a demand that the President postpone the ongoing GCE Advanced Level examinations or step down. Sri Lankan websites had been hacked in the past, but this was the first time that a teenager had been arrested under th...

Android Masters Incorporated

Search This Blog