Apple fixes bug that lets hackers take control of iPhone, Apple Watch and Mac
The CoreGraphics bug allowed hackers to take over Apple devices just by showing a picture
Apple's latest update fixes a bug that lets hackers take over iPhones, iPads and Macs after showing a picture to users.
The bug, called CoreGraphics, and was disclosed yesterday by security specialist Marco Grassi, of Keen Lab.
In an advisory on Apple's support forum, the tech giant warned that the flaw allows hackers to create a jpeg file that takes advantage of a memory bug, running code on the user's device when it displays a hacked picture.
All it took was for users of an Apple device to open a jpeg or PDF file that contained the malicious code, and hackers would be allowed control over their device.
Attackers could launch the attack remotely, with no form of authentication required.
Apple's iOS 10.1 software update contains a fix for this bug, and is available for iPhone 5 and later generations of iPhones, iPad 4 and later generations, and iPod touch 6 and later generations.
Other updates for Apple watchOS, macOS and tvOS also appear to solve the problem.
For those running iOS, the release includes updates that tackle 12 CVE-listed security vulnerabilities.
IT Pro approached Apple for comment, but had received none at the time of publication.
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now