A beta of iOS 10 was released back in June following its release in September to the general public, and sometime after, miscreants managed to hijack users devices, simply by viewing manipulated JPEG or PDF files. Apple released iOS 10.1 yesterday, however users who have not, or are waiting to update are advised to do so as soon as possible.
The attack is quite simple, unfortunately. All that is required is to trick a user in opening a maliciously crafted JPEG or PDF file embedded within an email or website. A memory corruption issue in the CoreGraphics library provided a vector for arbitrary code execution, which could then be leveraged to take over vulnerable devices
While this does raise concerns, don't fret too much. Apple has patched the flaw in the latest iOS 10.1 update, and the company is urging users to update their iOS devices as soon as possible. Unfortunately, if you are still running any Apple devices incompatible with iOS 10 , your device is still vulnerable to the attack. It is reported that earlier versions of iOS still carry the vulnerability, which is labeled CVE-2016-4673.
Source: The Hacker News
11 Comments - Add comment