Apple has fixed the dangerous bug in updates for iOS, WatchOS and MacOS
Apple has warned of a serious security vulnerability affecting the iPhone, which could allow an attacker to take over the device of a user who views a specially crafted JPEG image.
Apple fixed the flaw, among others, in its iOS 10.1 update and said the patch is available for the iPhone 5 and later, iPad 4th generation and later and iPod Touch 6th generation and later.
WatchOS, MacOS affected
The issue is caused by a memory corruption bug affecting a component called CoreGraphics and was fixed through improved memory handling, Apple said in an advisory.
Another serious flaw in WebKit, the rendering engine used by Safari, could allow malicious web content to take over an iOS device when the user views it, Apple said.
That bug was reported through Trend Micro’s bug bounty programme.
The update also fixes iOS issues that could allow phishing, data disclosure, file overwrites, malicious code execution by a local user, and other attacks.
Security experts said criminals are likely to look for ways to exploit the flaws now that they have been publicly announced.
Apple introduced business-oriented security improvements with iOS 10 including hardening the mobile Safari browser and the operating system kernel, better integrating enterprise mobility management (EMM) software and securing wireless access, with priority for business applications.