Apple touts its operating systems and technology as the most secure, with hardly any room for loopholes. That claim is being questioned after Cisco Talos experts said they had unearthed tens of vulnerabilities in OS X and iOS, including four security holes.
One of the most serious of these issues is CVE-2016-4631, which is known to affect the ImageIO component in OS X 10.11.5 and prior, and iOS 9.3.2 and prior. CVE-2016-4631 also impacts the watchOS and tvOS operating systems, which are based on iOS.
The security researchers at Cisco say the flaw is related to how ImageIO processes TIFF (Tagged Image File Format) files. Cyber criminals can exploit the vulnerability for arbitrary code execution by sending the targeted user a specially crafted image file that triggers a heap-based buffer overflow.
Further reports say that the flaw in Apple’s operating systems could allow a hacker to gain access to a user’s Mac or iPhone by sending an iMessage.
A researcher from Cisco Talos found the vulnerability, in which a hacker could send a certain type of photo file, called a .TIF, that would give the hacker access to the device’s storage and passwords.
“This vulnerability is especially concerning as it can be triggered in any application that makes use of the Apple Image I/O API when rendering tiled TIF images,” said Tyler Bohan from security firm Cisco Talos, according to The Guardian.
“Depending on the delivery method chosen by an attacker, this vulnerability is potentially exploitable through methods that do not require explicit user interaction, since many applications (ie iMessage) automatically attempt to render images when they are received in their default configurations,” he added.
The Cisco experts have also discovered CVE-2016-1850, an Apple SceneKit flaw which was patched in May this year, alongside the release of OS X 10.11.5.