Attackers Can Hack Your iPhone, iPad & Macs Using Maliciously Crafted JPEG, PDF and Even Font Files
Apple released the latest updates to iOS, macOS, Apple Watch, and Apple TV last night. The latest releases bring a number of regular improvements along with some important security fixes. One of these fixes includes a patch for an iOS security vulnerability that attackers can exploit to take over the target device. All you’d need to do is open a specially crafted JPEG or PDF file and poof! you will give arbitrary code execution powers to hackers.
iOS security flaws allow hackers to hijack using JPEG, PDF and font files
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later (also, macOS Sierra 10.12)
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
Other flaws that were patched with the release of iOS 10.1 include a remote code execution bug in WebKit and local code execution vulnerabilities. One of the interesting patched flaws also include a bug that allowed “parsing a maliciously crafted font” that “may disclose sensitive user information.”
One patch that is included in both the iOS and macOS releases is CVE-2016-4635. A remote audio eavesdropping vulnerability in FaceTime, Apple was previously assumed to have fixed the flaw in earlier versions of iOS and OS X. “An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated,” the security bulletin said. It is unknown if the latest patch is an update to previous security fix, or if iOS 10 and macOS Sierra were vulnerable to this bug.
After the patches are released to iOS security vulnerabilities, the chance of getting your devices infected also increases. As hackers get to learn about these vulnerabilities, it becomes absolutely critical for users to install the available security fixes as soon as they are released. Head over to Settings > General > Software Update to install the latest updates.