The CoreGraphics bug allowed hackers to take over Apple devices just by showing a picture
Apple’s latest update fixes a bug that lets hackers take over iPhones, iPads and Macs after showing a picture to users.
The bug, called CoreGraphics, and was disclosed yesterday by security specialist Marco Grassi, of Keen Lab.
In an advisory on Apple’s support forum, the tech giant warned that the flaw allows hackers to create a jpeg file that takes advantage of a memory bug, running code on the user’s device when it displays a hacked picture.
All it took was for users of an Apple device to open a jpeg or PDF file that contained the malicious code, and hackers would be allowed control over their device.
Attackers could launch the attack remotely, with no form of authentication required.
Apple’s iOS 10.1 software update contains a fix for this bug, and is available for iPhone 5 and later generations of iPhones, iPad 4 and later generations, and iPod touch 6 and later generations.
Other updates for Apple watchOS, macOS and tvOS also appear to solve the problem.
For those running iOS, the release includes updates that tackle 12 CVE-listed security vulnerabilities.
IT Pro approached Apple for comment, but had received none at the time of publication.