It is currently 18-12-2017 04:05

In the products Apple came up with our own vulnerability Stagefright

In the products Apple came up with our own vulnerability Stagefright

by sigismund » 2016-07-21 22:55:48


the Bug in iOS and OS X allows you to hack the device with graphic files.


Researchers at Cisco's Talos team has discovered a number of vulnerabilities in the operating systems iOS and OS X that allows you to hack the device by sending a malicious image. The most serious vulnerability (CVE-2016-4631) is contained in the ImageIO component implemented in OS X, 10.11.5 and earlier versions, and also iOS and 9.3.2 below. In addition, the issue affects OS watchOS and tvOS.

According to the researchers, the vulnerability caused by incorrect handling of the ImageIO image files in TIFF format. An attacker could remember proekspluatirovat issue by sending a specially crafted image, which will lead to overflow of the heap. In the result, the attacker would have the ability to remotely run the built-in file malicious code and take control of the device.

The vulnerability is a pretty serious threat considering the number of affected devices and a wide range of attack vectors. For example, the offender may send a malicious image through iMessage, MMS messages, web sites and other applications that use ImageIO to handle graphic files. Exploitation of this vulnerability requires no direct user interaction, because many applications automatically start processing the images.

The above issue is resolved in iOS version 9.3.3. 18 July 2016, Apple issued a corrective update for OS X, iOS, watchOS, tvOS, Safari, iTunes and iCloud fix hundreds of vulnerabilities.
sigismund
moderators
Сообщений: 788
Депозит: 0 BTC

Rating: 5