Why You Should Update to the Latest iOS, OS X Versions Immediately

Why You Should Update to the Latest iOS, OS X Versions Immediately
  • Cisco's Talos Intelligence security unit found the image-based bug
  • The bug can be used for undetected remote code execution
  • Image file formats are tiff, bmp, dae, and OpenEXR

A Cisco researcher has highlighted vulnerabilities in iOS, OS X, tvOS, and watchOS. These operating systems are said to be vulnerable to malware that's been embedded in an image file. The malware, which can allegedly run undetected, allows the attacker to achieve remote code execution on the infected system.

Cisco Talos' Tyler Bohan said that users could receive the file via MMS or email, or even be exposed to it when it's placed on a malicious webpage. The remote code execution vulnerabilities were found in the way Apple operating systems access image data using APIs - specifically, Apple Core Graphics API, Scene Kit, and Image I/O.

Image formats that can be used to exploit these vulnerabilities are tiff (tagged image file format), bmp (bitmap), dae (digital asset exchange), and OpenEXR. While the tiff and bmp formats can infect OS X, iOS, watchOS, and tvOS; OpenEXR and dae can infect only OS X machines.

Luckily for users of the above-mentioned Apple operating systems, the Cupertino-based company has patched all the vulnerabilities in the latest versions - iOS 9.3.3, OS X El Capitan v10.11.6, tvOS 9.2.2, and watchOS 2.2.2. If you are currently running a version older than these, it is highly recommended you update to the latest version to avoid the vulnerabilities.

Bohan on the Talos Intelligence blog post described why the vulnerabilities are especially bad. "Image files are an excellent vector for attacks since they can be easily distributed over Web or email traffic without raising the suspicion of the recipient. These vulnerabilities are all the more dangerous because Apple Core Graphics API, Scene Kit and Image I/O are used widely by software on the Apple OS X platform," he said.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Abhinav Lal
Abhinav Lal is News Editor at Gadgets 360 and has been tracking all things tech for over a decade now. He has written extensively on a range of topics including apps, gaming, mobiles, PCs, and Web services in his tech journalism career. Apart from editing news, he also works on reviews and features, while taking care of the product side of things at Gadgets 360. Write to him at abhinavl@ndtv.com or get in touch on Twitter. You will most likely find Abhinav editing stuff for Gadgets 360, ...More
This Bengaluru-Based Company Wants to Help You Hire Full-Time Pokemon Hunters
Cloud Shift to Affect Over $1 Trillion in IT Spending by 2020: Gartner
Share on Facebook Tweet Snapchat Share Reddit Comment



© Copyright Red Pixels Ventures Limited 2022. All rights reserved.