macOS Sierra iCloud Drive iPhone iPad Mac image 001

Apple’s OSes suffer from a previously unknown exploit which could allow an attacker to compromise the security of a device by having the user open an unsuspecting TIFF image file. Thankfully, the vulnerability has been patched in the most recent releases of iOS, macOS, watchOS and tvOS.

Resembling the dangerous Stagefright exploit that plagued Google’s Android platform for the better part of last year, the security hole could allow a nefarious user to gather sensitive data from your device as soon as you access a simple text message containing a malicious TIFF image file, Fortune said yesterday.

The vulnerability was first discovered in iOS 9.3.2 and reported to Apple by Cisco Talos engineer Tyler Bohan, who discovered that specially crafted data which contains nefarious payloads saved as BMP, Digital Asset Exchange, OpenEXR or TIFF image files could trigger buffer overflows in Messages.

That in turn lets rogue code execute, potentially opening up a system to remote exploits. Other apps which leverage Apple’s Image I/O API to render images are at risk, too. Safari is also vulnerable, but you must manually click a link or load a malicious webpage to trigger the payload.

According to Apple:

An exploitable heap based buffer overflow exists in the handling of TIFF images on Apple OS X and iOS operating systems. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution.

This vulnerability can be triggered via malicious web page, MMS message, iMessage or a file attachment delivered by other means when opened in applications using the Apple Image I/O API.

On Apple platforms, the vulnerability mostly relies on TIFF images.

That’s because Apple’s OSes in many cases load TIFFs without a user specifically opening a malicious file, like iMessage on iOS. As mentioned above, this worrisome flaw has been patched in iOS 9.3.3, OS X El Capitan 10.11.6tvOS 9.2.2 and watchOS 2.2.2, all of which were released four days ago.

Here is the security content for Apple’s latest updates:

Protective updates for Yosemite and Mavericks had not been released at post time.

If you’re jailbroken on iOS 9.1 or earlier and have no intention of losing your precious jailbreaks to the pressure of remaining secure, install a new free jailbreak tweak, called TIFF Disabler, to protect your devices from this exploit.

Our own Anthony has more on that.

Source: Fortune

  • The King

    Android has had this patched up in their messaging app and third-party apps for a some time now. Not like Apple to take long when security is definitely their thing.

    • Andrieux Querido

      Just like 99% of Smartphones viruses are for Android.
      Google it. its true.

      • Ethan Monteon

        Bullshit. 99% of smartphone malware is used to TARGET the Android platform. It wasn’t specifically made for it. Get your facts straight.

      • Andrieux Querido

        Its not Bullshit, i just google it. From Forbes. Report: 97% Of Mobile Malware Is On Android. Theres much more on Google.

      • Ethan Monteon

        You clearly said “are for Android”. There is a huge difference between that and “On Android.”

      • Ethan Monteon

        By the way, The King pretty much said Android had this problem covered while Apple dropped the ball? Why do you have to shift the blame? It doesn’t cover up that fact that Apple; the “master” of security and privacy has messed up yet again.

      • Andrieux Querido

        Im not trying to shift the blame. At least it was not what i was trying to do.

      • The King

        While I know why you are saying this, I feel like you’ve never used Android and speaking off talk about the virus stuff. I’ve gone back and forth with iOS and Android for many years, and I still never got a virus. I actually have had more issues with Apple since the 3GS till now. Had every single iPhone and it’s always been a frigging issue.

        Stupid downloads will give stupid viruses. You get viruses for trying to download APK’s that aren’t from the play store when you’re too cheap to buy the stuff. And you get the virus if you aren’t too bright on where to download the APK from. That’s the same idea from iOS when you’re jailbroken. When you’re open sourced, things will happen. When you jailbreak iOS, you’re phone is open to whatever. It’s just the nature of trade.

    • They probably didn’t know about it until they were notified by a Cisco engineer. Unless there’s any evidence that the vulnerability has been exploited in the wild I wouldn’t worry about it too much.

      • The King

        It’s not that crazy. It’s nothing as bad as that stupid font that froze your iPhone’s message app and phone.