Thursday, 21 July 2016

Users of iPhones and Macs must update to avoid Stagefright-like bug


Earlier this week, Apple released patches for numerous security holes in its OS X and iOS operating systems, including five vulnerabilities that bear a chilling resemblance to Stagefright.

Just as with Stagefright, which haunted Android users, the attack works because of exploitable bugs in how Apple iPhones and Macs process image files to render a thumbnail. Vulnerabilities in that thumbnail-rendering code can be exploited by a maliciously crafted image file (including BMP and TIFF format files) to achieve remote code execution on the targeted device.

The good news is that Apple issued fixes for the problem earlier this week. If you have already updated your systems to iOS 9.3.3, tvOS 9.2.2, watchOS 2.2.2, and El Capitan v10.11.6, then you have done the right thing.