Apple fixes bug that lets hackers take control of iPhone, Apple Watch and Mac

The CoreGraphics bug allowed hackers to take over Apple devices just by showing a picture

Apple's latest update fixes a bug that lets hackers take over iPhones, iPads and Macs after showing a picture to users.

The bug, called CoreGraphics, and was disclosed yesterday by security specialist Marco Grassi, of Keen Lab.

In an advisory on Apple's support forum, the tech giant warned that the flaw allows hackers to create a jpeg file that takes advantage of a memory bug, running code on the user's device when it displays a hacked picture.

Advertisement - Article continues below

All it took was for users of an Apple device to open a jpeg or PDF file that contained the malicious code, and hackers would be allowed control over their device.

Attackers could launch the attack remotely, with no form of authentication required.

Apple's iOS 10.1 software update contains a fix for this bug, and is available for iPhone 5 and later generations of iPhones, iPad 4 and later generations, and iPod touch 6 and later generations.

Other updates for Apple watchOS, macOS and tvOS also appear to solve the problem.

For those running iOS, the release includes updates that tackle 12 CVE-listed security vulnerabilities.

IT Pro approached Apple for comment, but had received none at the time of publication.




Apple's coronavirus screening app comes under fire over privacy concerns

6 Apr 2020
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020

Facebook tried to buy NSO Group's Pegasus spyware to monitor iOS users

6 Apr 2020
Mobile Phones

Apple to keep US stores closed until May

3 Apr 2020

Most Popular

Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020