Apple devices are still vulnerable to malformed JPEGs, PDFs and font files

Update, now!

If you have an Apple device, you should update it to IOS 10.1 as soon as possible: the update addresses a vulnerability that allows you to take control of the device by simply sending a JPEG image specially packaged (CVE-2016–4673). More technical details (from Apple) are here:

The 10.1 release of iOs includes updates to address 12 CVE-listed security vulnerabilities in the firmware for the iPhone, iPad and iPod Touch.

Those flaws include a remote code execution flaw in the handling of JPEG images (CVE-2016–4673), a remote code execution bug in WebKit (CVE-2016–4677), local code execution flaws, and a vulnerability in contacts (CVE-2016–4686) that would let an application pull Address Book details even when access has been revoked.

Apple also released the 10.12.1 version of Mac OS X: the update brings fixes for 16 CVE-listed vulnerabilities
Those include the CVE-2016–4673 image-handling bug as well as remote code execution flaws that could be triggered by font files (CVE-2016–4667) and PDF files (CVE-2016–4671). Also released was a fix for a denial of service error in Nvidia graphics card drivers (CVE-2016–4663) and a bug that exposed the length of user passwords (CVE-2016–4670).

More details here:

Related posts