
Apple Patches Stagefright-Like Bug In IOS (fortune.com)

Reader Trailrunner7 writes: Apple has fixed a series of high-risk vulnerabilities in iOS, including three that could lead to remote code execution, with the release of iOS 9.3.3. One of those code-execution vulnerabilities lies in the way that iOS handles TIFF files in various applications (Alternate source: Fortune). Researchers at Cisco's TALOS team, who discovered the flaw, said that the vulnerability has a lot of potential for exploitation. "This vulnerability is especially concerning as it can be triggered in any application that makes use of the Apple Image I/O API when rendering tiled TIFF images. This means that an attacker could deliver a payload that successfully exploits this vulnerability using a wide range of potential attack vectors including iMessages, malicious web pages, MMS messages, or other malicious file attachments opened by any application that makes use of the Apple Image I/O API for rendering these types of files," Cisco TALOS said in a blog post.
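The summary says the flaw sits in how Image I/O handles tiled TIFF images but gives no details of the bug itself. As an added illustration (not Apple's or Cisco TALOS's code), this is the kind of geometry validation a defensive TIFF reader performs before sizing any tile buffer: the IFD offset and entry table are bounds-checked against the file, and the per-tile byte count is computed in 64 bits against an assumed decoder budget (MAX_TILE_BYTES, 64 MiB, my choice) so a hostile TileWidth/TileLength pair cannot wrap a 32-bit allocation size. The two sample files are constructed inline; the tag numbers and layout are TIFF 6.0.

```c
#include <stdint.h>
#include <string.h>
/* TIFF 6.0 tags that define tile geometry; MAX_TILE_BYTES is an assumed per-tile decoder budget. */
enum { TAG_WIDTH = 256, TAG_LENGTH = 257, TAG_BPS = 258, TAG_TILE_W = 322, TAG_TILE_L = 323 };
#define MAX_TILE_BYTES (64u << 20)
typedef struct { uint32_t width, length, bps, tile_w, tile_l; } tiff_geom;

/* Byte-order aware reads: le=1 for "II" (little-endian) files, 0 for "MM". */
static uint16_t rd16(const uint8_t *p, int le) { return le ? (uint16_t)(p[0] | p[1] << 8) : (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p, int le) {
    uint32_t a = p[0], b = p[1], c = p[2], d = p[3];
    return le ? a | b << 8 | c << 16 | d << 24 : a << 24 | b << 16 | c << 8 | d;
}
/* Parse the first IFD and validate tile geometry before any buffer is sized.
 * 0 = safe; -1 bad header; -2 IFD outside the file; -3 not a valid tiled image;
 * -4 tile would exceed the budget (its 32-bit byte count would wrap). */
int check_tiled_tiff(const uint8_t *buf, size_t len, tiff_geom *g) {
    if (len < 8) return -1;
    int le = !memcmp(buf, "II", 2); if (!le && memcmp(buf, "MM", 2)) return -1;
    if (rd16(buf + 2, le) != 42) return -1;
    uint32_t ifd = rd32(buf + 4, le);
    if (ifd < 8 || ifd > len - 2) return -2;                    /* entry count must fit */
    uint16_t n = rd16(buf + ifd, le);
    if ((size_t)n * 12 > len - ifd - 2) return -2;              /* every entry must fit */
    memset(g, 0, sizeof *g);
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + (size_t)i * 12;
        uint16_t tag = rd16(e, le), type = rd16(e + 2, le);
        if (rd32(e + 4, le) != 1) continue;                     /* single-value tags only */
        uint32_t v = type == 3 ? rd16(e + 8, le) : type == 4 ? rd32(e + 8, le) : 0; /* SHORT is left-justified, LONG fills the field */
        if (tag == TAG_WIDTH) g->width = v;   else if (tag == TAG_LENGTH) g->length = v;
        else if (tag == TAG_BPS) g->bps = v;  else if (tag == TAG_TILE_W) g->tile_w = v;
        else if (tag == TAG_TILE_L) g->tile_l = v;
    }
    if (!g->width || !g->length || !g->bps || !g->tile_w || !g->tile_l) return -3;
    if (g->tile_w % 16 || g->tile_l % 16 || g->bps > 64) return -3; /* spec: tile dims are multiples of 16 */
    uint64_t bytes = (uint64_t)g->tile_w * g->tile_l * ((g->bps + 7) / 8); /* 64-bit math, no wrap */
    return bytes > MAX_TILE_BYTES ? -4 : 0;
}

/* Constructed samples: a 1024x1024 8-bit image with 256x256 tiles, and the same file
 * with TileWidth=0xFFFF0000, TileLength=0x10000 so width*length wraps to 0 in 32 bits. */
static const uint8_t benign[] = { 'I','I',42,0, 8,0,0,0, 5,0,
    0,1,4,0,1,0,0,0,0,4,0,0,  1,1,4,0,1,0,0,0,0,4,0,0,  2,1,3,0,1,0,0,0,8,0,0,0,
    0x42,1,3,0,1,0,0,0,0,1,0,0,  0x43,1,3,0,1,0,0,0,0,1,0,0,  0,0,0,0 };
static const uint8_t hostile[] = { 'I','I',42,0, 8,0,0,0, 5,0,
    0,1,4,0,1,0,0,0,0,4,0,0,  1,1,4,0,1,0,0,0,0,4,0,0,  2,1,3,0,1,0,0,0,8,0,0,0,
    0x42,1,4,0,1,0,0,0,0,0,0xff,0xff,  0x43,1,4,0,1,0,0,0,0,0,1,0,  0,0,0,0 };

int demo_benign(void)  { tiff_geom g; return check_tiled_tiff(benign,  sizeof benign,  &g); }
int demo_hostile(void) { tiff_geom g; return check_tiled_tiff(hostile, sizeof hostile, &g); }
```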

  • by rsmith-mac ( 639075 ) on Thursday July 21, 2016 @08:47PM (#52558093)

    Perhaps I've just missed this in the reports, but is there any analysis on how this is impacted by sandboxing?

    Apple tends to keep things pretty locked down and isolated, and while Stagefright was a Go Directly to Root kind of exploit, I'm curious whether this has the same risk. Can a bad TIFF file delivered via iMessage actually break out of iMessage? "Ultimately, an attack could give a hacker access to portions of a computer's memory" is not very descriptive here.

    Side note: why the heck is anyone still supporting TIFF as a built-in image format? The TIFF standard is so complex that it has been the source of an innumerable number of security exploits over the years. It's a very risky format to support for exactly this reason.

    • by AHuxley ( 892839 )
      It would be an interesting thought for DRM and an OS. Remove the DRM and the quality "image" with code is used in the unprotected copy as it's part of the new free file. The free copy is then opened and OS and code access to the wider OS is granted to phone home.

      As for why, maybe the OS likes a format that's well understood to ensure a set look and feel over desktop, apps, phones.
      A more lossy format might change over different hardware and software. With a push for publish once from any device, some image
    • by AmiMoJo ( 196126 )

      Why isn't this getting more coverage? When it's Android everyone shits themselves, even though the danger isn't really that great. When it's Apple, it's largely ignored even though the risk seems to be far greater.

      • Why isn't this getting more coverage? When it's Android everyone shits themselves, even though the danger isn't really that great. When it's Apple, it's largely ignored even though the risk seems to be far greater.

        Because it was just reported. And has already been fixed. And everybody can download the patch now and not only in a couple of months, if at all. And isn't used in the wild. And still gets wide press coverage despite your claim.

        You can start complaining if after 2 months it becomes clear that the fix (which hasn't reached most devices yet) only fixes some of the problems.

        • by AmiMoJo ( 196126 )

          Google fixed it right away too, and then pushed the patch out via Play to everyone, and added detection of the exploit to the built-in scanner for non-Play apps.

          • Google fixed it right away too, and then pushed the patch out via Play to everyone, and added detection of the exploit to the built-in scanner for non-Play apps.

            Actually, they had already fixed it two months before, but waited to tell the public until at least some devices were actually fixed. And then they fixed a very similar bug again two months later. And then most devices still didn't even have the first patch. Don't try to kid me, stick to your own illusions.

          • by trparky ( 846769 )
            I don't understand how Google could have fixed this. You say that it was pushed via Google Play but how? It's a system-level binary, Google can't touch that; only an update from your particular Android OEM can fix this via an OTA update.

            Oh oh, Google can push this or that via the Google Play services. WRONG! Google can update their own stuff, yes, I'm not denying that but if it's a system-level binary (like Stagefright) or kernel-related Google can't do shit about it! Meanwhile you have to sit and wait fo
