Warning! Your iPhone Can Get Hacked Just By Opening a JPEG Image, PDF or Font File

[Omnipotent]

What's worse than knowing that innocent looking JPEGs, PDFs and font files can hijack your iPhone, iPad, and iPod.

Yes, attackers can take over your vulnerable Apple's iOS device remotely – all they have to do is trick you to view a maliciously-crafted JPEG graphic or PDF file through a website or an email, which could allow them to execute malicious code on your system.

That's a terrible flaw (CVE-2016-4673), but the good news is that Apple has released the latest version of its mobile operating system, iOS 10.1, for iPhones and iPads to address this remote-code execution flaw, alongside an array of bug fixes.

And now that the company has rolled out a security patch, some hackers would surely find vulnerable Apple devices to exploit the vulnerability and take full control of them.

So, users running older versions of iOS are advised to update their mobile devices to iOS 10.1 as soon as possible.

Besides this remote code execution flaw, the newest iOS 10.1 includes security updates to address 11 security flaws in the firmware for the iPhone, iPad, and iPod Touch.

Those flaws include local code execution vulnerabilities, a remote code execution bug in WebKit (CVE-2016-4677), a flaw in contacts (CVE-2016-4686) that would allow an application to pull Address Book details even when access has been revoked.

 

[Dirk41]

I suppose Apple will be happy , some people will throw their iPhone 5 /5s out of the window and buy a new one

Thank you for sharing

 

[JM Safe]

Surely a bad news for Apple users,

That's a terrible flaw (CVE-2016-4673), but the good news is that Apple has released the latest version of its mobile operating system, iOS 10.1, for iPhones and iPads to address this remote-code execution flaw, alongside an array of bug fixes.

but that is definetely a good news and improvement from Apple.
Thanks for sharing @Omnipotent

 

[Wave]

This has got to be one of the most ridiculous exploits I've heard of in my life...

But as @JM Security said, good news and improvement from Apple regarding the quick pace to release a patch fix.

 

[LabZero]

Years ago, Apple said "Mac don't get viruses like the PC” and users can sleep soundly.
Then, after the Flashback Trojan mess Apple said "Mac is built to be safe”.
Now, Apple what might say?

 

[Wave]

Years ago, Apple said "Mac don't get viruses like the PC” and users can sleep soundly.
Then, after the Flashback Trojan mess Apple said "Mac is built to be safe”.
Now, Apple what might say?

They'll tell us their products are bullet-proof because they are living in a false sense of security...

 

[LabZero]

They'll tell us their products are bullet-proof because they are living in a false sense of security...

It is hypocrisy still think this, but yes I agree with you

 

[Solarquest]

It's incredible that this doesn't change!
Apple does a great job but at the end malware exist and is and will get on their devices.
How long will it take till AV are allowed on "IOS"?

 

[Ink]

I suppose Apple will be happy , some people will throw their iPhone 5 /5s out of the window and buy a new one

iOS 10 supports iPhone 5, iPad Mini 2, iPod 6th gen and all newer models.

iOS 10 is compatible with these devices - Apple Support

 

[Dirk41]

Yes, they said that . Still bugs , battery drain and lags .

 

[Ink]

How long will it take till AV are allowed on "IOS"?

Not anytime soon, I actually would not like to see a flood of Security vendors claiming their software is BEST for iOS.

For example, browse the Google Play, you will see 100's of free and paid AV apps that are bloated with Privacy Advisors that do nothing, Battery Boosting that don't understand how Android works and other mumbo jumbo. Some even scrapped their Premium version in favour for Ad-supported apps (ie. avast Mobile Security). They decided it would be better to shove Ads down 1,000,000's of users for business purposes, but also increasing the risk of a potential malvertising scheme.

 

[Solarquest]

How do you protect your iphone and all behind it then?
Just by updating it , not doing anything risky and by hoping you don't open a page that can exploit a bug?
In my opinion it's a lot of (too much) trust in Apple , IOS and your luck.
I'm thinking at buying the new iPhone but don't feel safe enough by just trusting one company and without having anything else to protect it from malware etc...

 

[Batzzz]

Personally, dont open photos on my phone. I move them over to a virtual machine and open them there. Ive been receieving jpeg internet spam recently, luckily thought tested it and nothing

 

[jamescv7]

Expect those such deadly attacks for IOS, since a big opportunity where solutions are not out most covered by protection.

As much as possible, steer away for any unsolicited e-mails or programs that came from nowhere.

 

[Entreri]

Damn! That is certainly a major flaw, although I never heard of it being exploited.

At least Apple supports their devices numerous years afterwards, unlike Google.

The Pixel is terrible, only 2 years of OS updates! Seriously? It would be understandable IF it was a discount phone, but it is the same price as the latest iPhones!