Because multimedia files need to be transferred to an operating system library to identify what needs to be done with it next, vulnerabilities in multimedia processing components can allow malicious code to be run remotely on the receiving device/OS without requiring any further action by a user.
Google’s Project Zero discovered such a bug in Image I/O, a framework that is built into all Apple operating systems and works with image files. Actually, they found closer to fourteen vulnerabilities that could have been used for attacks into the framework’s code. While these specific vulnerabilities were subsequently fixed after being identified by Project Zero, the gaps raises questions about the overall security architecture and QA process for Apple’s operating systems.
Apple is generally considered to be a more secure system due to its self contained nature, but its rapid adoption has made it a bigger target. This latest issue comes on the heels of a new ioS security issue impacting almost all iPhones whereby an attacker can remotely infect an iPhone and gain control over a user’s inbox. Last September, Apple’s macOS High Sierra operating system contained a number of security flaws, including permitting a third party app to steal credentials from the keychain and allowing anyone to get root access to a Mac running High Sierra simply by typing the word “root”. The fix itself ended up having further issues…
Tags: #IOS_Security_Flaws #Apple_Security #Zero_Click_Apple_Vulnerabilities