What you need to know
- A new Google report has revealed several bugs that were previously present in Apple software.
- The zero-click bugs have been patched by Apple.
- The problems revolved mostly around multimedia processing.
A new report published by Google today has revealed several zero-click bugs affecting all of Apple's major operating systems, problems which have all since been patched.
This blog post discusses an old type of issue, vulnerabilities in image format parsers, in a new(er) context: on interactionless code paths in popular messenger apps. This research was focused on the Apple ecosystem and the image parsing API provided by it: the ImageIO framework. Multiple vulnerabilities in image parsing code were found, reported to Apple or the respective open source image library maintainers, and subsequently fixed. During this research, a lightweight and low-overhead guided fuzzing approach for closed source binaries was implemented and is released alongside this blogpost.
To reiterate an important point, the vulnerabilities described throughout this blog are reachable through popular messengers but are not part of their codebase. It is thus not the responsibility of the messenger vendors to fix them.
The bugs involved using multimedia processing, specifically through messenger services that automatically transfer new images, audio, and video to your phone's OS, before processing it. (e.g. when someone sends you a photo in WhatsApp and it appears in your camera roll)
One of the important features of the issue is that it requires no interaction on the part of the user, as the processing components are triggered automatically. As ZDnet notes:
All an attacker has to do is find a way to send a malformed multimedia file to a device, wait until the file is processed, and until the exploit code triggers.
Google said that they were able to use a technique called "fuzzing" (feeding Image I/O unexpected input to check for abnormalities) to find six vulnerabilities in Image I/O and eight in OpenEXR. Google reiterated that none of these bugs could be used to take over devices. It further noted that all of the bugs had now been fixed.
The report further suggested that Apple continue testing of this nature on both operating system libraries and messenger apps.
You can read the full report here.
FAQ: TikTok & WeChat ban — why it’s happening and what it means for you
Are TikTok and WeChat really being banned? When does all of this take effect? Will I still be able to use these apps? All this and more answered in our FAQ regarding the latest U.S. orders.
Here's everything we know about the iPhone 12 so far
With the iPhone 12 reportedly just weeks away, here's everything we currently know about Apple's next flagship lineup!
Here's where to find all 120 Stars in Super Mario 64
There are hundreds of Stars hidden around and throughout Princess Peach's castle in Super Mario 64. Here's where you'll find them all.
Your iPhone 11 Pro will love these screen protectors!
The screen on your new iPhone is very expensive to replace. Because of this, you may want to consider buying an inexpensive screen protector