Viewing a JPEG File May Compromise iOS Devices

iOS users should update devices immediately

Apple has released a fix for iOS that patches a very serious security vulnerability discovered by Marco Grassi of Tencent’s Keen Lab. What makes this vulnerability extremely serious is that the victim only has to view the affected JPG image file without even downloading the image or installing any malicious code. Apple wrote on its 10.1 update page that “Viewing a maliciously crafted JPEG file may lead to arbitrary code execution.”

In addition to fixing the JPEG security hole, the iOS 10.1 update fixed some other flaws in iOS, including a bug in FaceTime that allowed an attacker to listen to audio even after the call was terminated. Another bug that was fixed allowed applications to obtain access to contacts even if access was revoked. Another notorious problem was fixed in WebKit that led to arbitrary code execution after visiting maliciously crafted web content.

iOS users should update their devices immediately. Usually it’s recommended to always keep software updated, but Apple has recently earned a bad reputation when it comes to iOS updates. It’s widely reported that many iPhone and iPad users found their devices bricked when they attempted an over-the-air update to iOS 10. T-Mobile urged its customers not to install iOS updates as they were breaking connectivity. These issues discourage users from installing updates immediately, but in this case, Apple feels an update is necessary.

If you are an iPhone 7 Plus user, there is a carrot for you: The update will also unlock the portrait mode that will allow you to add bokeh effects (blurred background with focused foreground) to your images.

10/26/2016
