Why You Should Update to the Latest iOS, OS X Versions Immediately

HIGHLIGHTS

Cisco's Talos Intelligence security unit found the image-based bug
The bug can be used for undetected remote code execution
Image file formats are tiff, bmp, dae, and OpenEXR

A Cisco researcher has highlighted vulnerabilities in iOS,OS X, tvOS, and watchOS. These operating systems are said to be vulnerable to malware that's been embedded in an image file. The malware, which can allegedly run undetected, allows the attacker to achieve remote code execution on the infected system.

Cisco Talos' Tyler Bohan said that users could receive the file via MMS or email, or even be exposed to it when it's placed on a malicious webpage. The remote code execution vulnerabilities were found in the way Apple operating systems access image data using APIs - specifically, Apple Core Graphics API, Scene Kit, and Image I/O.

Image formats that can be used to exploit these vulnerabilities are tiff (tagged image file format), bmp (bitmap), dae (digital asset exchange), and OpenEXR. While the tiff and bmp formats can infect OS X, iOS, watchOS, and tvOS; OpenEXR and dae can infect only OS X machines.

Luckily for users of the above-mentioned Apple operating systems, the Cupertino-based company has patched all the vulnerabilities in the latest versions - iOS 9.3.3, OS X El Capitan v10.11.6, tvOS 9.2.2, and watchOS 2.2.2. If you are currently running a version older than these, it is highly recommended you update to the latest version to avoid the vulnerabilities.

Bohan on the Talos Intelligence blog post described why the vulnerabilities are especially bad. "Image files are an excellent vector for attacks since they can be easily distributed over Web or email traffic without raising the suspicion of the recipient. These vulnerabilities are all the more dangerous because Apple Core Graphics API, Scene Kit and Image I/O are used widely by software on the Apple OS X platform," he said.

Comments

Sri Lanka Police Arrest Teen for Hacking President's Website to Postpone ExamAgence

30 August 2016 Sri Lanka's police Monday arrested a 17-year-old teenager for hacking into President Maithripala Sirisena's official website and posting a message calling for the postponement of A-level examinations. The unnamed boy was taken into custody under the Computer Crimes Act and on conviction faces a fine of LKR 300,000 ($2,000) and up to three years in jail. "We traced the hack to his home in Kadugannawa," a police official said referring to a town about 100 kilometres (62 miles) east of the capital Colombo. "The website was crippled over the weekend after the attack." On Monday, the president's official site was up and running again. The attacker had removed the home page of the website and replaced it with a demand that the President postpone the ongoing GCE Advanced Level examinations or step down. Sri Lankan websites had been hacked in the past, but this was the first time that a teenager had been arrested under th...

Hello Moto: A Look Back at Six Classic Moto Phones

12 December 2016 HIGHLIGHTS Motorola was the first company to ship a cellphone Its biggest hit was the Moto RAZR V3 Today, Motorola is a part of Chinese electronics giant Lenovo Recently, we relived the past with Nokia’s most memorable phones of all time. Although there may be a lot of fanboys and fangirls of the Finnish brand, many have equally strong feelings for the daddy of all mobile phone brands - Motorola. Its name will forever be etched in history as the first company to sell a mobile phone - the DyanTAC 8000X - in 1983. Since then, Motorola has been an easily identifiable brand to almost everybody in the world. Its designs were often strikingly unique and at the same time, Motorola phones often gave out a vibe that these devices mean business. Today, we’ve handpicked some of the most memorable Motorola phones we’ve come across. Here are our picks for the six most memorable Motorola phones of all time. 1) Motorola ...

ChatSim 2 Launched With Unlimited Internet Access and Messaging, to Be Showcased at MWC 2018

25 February 2018, Shivashish Bhunia Before Reading this up, just check out my Bestie's Page For Amazing Quotes and Poetry Content! https://www.theparadoxwhowritez.blogspot.com HIGHLIGHTS The second-gen variant offers access for all mobile apps in its core plan World premiere of ChatSim 2 will take place at MWC 2018 in Barcelona It provides unlimited to messaging apps like WhatsApp and WeChat SIM card provider ChatSim on Thursday announced the launch of its latest ChatSim 2 SIM card in Milan, Italy. The second generation of the company's proprietary SIM card now claims to offer Internet surfing with "free and unlimited data traffic." The SIM card can provide data access without limitations, roaming charges, or Wi-Fi connectivity. The annual plan also lets you send text messages across 165 countries. ChatSim 2 will have its world premiere at Mobile World Congress 2018 in Barcelona from February 26-March 1, and more ...

Android Masters Incorporated

Search This Blog