Security

Apple Bug Lets Malicious JPEGs Take Over iPhone, Mac & Apple Watch

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Follow on: Google +

Apple has fixed the dangerous bug in updates for iOS, WatchOS and MacOS

Apple has warned of a serious security vulnerability affecting the iPhone, which could allow an attacker to take over the device of a user who views a specially crafted JPEG image.

Apple fixed the flaw, among others, in its iOS 10.1 update and said the patch is available for the iPhone 5 and later, iPad 4th generation and later and iPod Touch 6th generation and later.

 

WatchOS, MacOS affected

iOs 10The flaw also affects Apple’s WatchOS and MacOS and has been fixed in newly released updates for those platforms.

The issue is caused by a memory corruption bug affecting a component called CoreGraphics and was fixed through improved memory handling, Apple said in an advisory.

Another serious flaw in WebKit, the rendering engine used by Safari, could allow malicious web content to take over an iOS device when the user views it, Apple said.

That bug was reported through Trend Micro’s bug bounty programme.

Apple iPhone 7

Image 1 of 9

iPhone 7 (1)

Phishing flaw

The update also fixes iOS issues that could allow phishing, data disclosure, file overwrites, malicious code execution by a local user, and other attacks.

Security experts said criminals are likely to look for ways to exploit the flaws now that they have been publicly announced.

Apple introduced business-oriented security improvements with iOS 10 including hardening the mobile Safari browser and the operating system kernel, better integrating enterprise mobility management (EMM) software and securing wireless access, with priority for business applications.

Quiz: What do you know about cybersecurity in 2016?