The security holes affect image rendering, and can be triggered in any apps that use the Apple Image I/O API when rendering tiled TIFF images, according to Cisco researchers.
Fortunately, Apple has patched the bug in its latest updates. The security flaws, called CVE-2016-4629 and CVE-2016-4630, exist in ImageIO and can be exploited to execute arbitrary code using OpenERX, an HDR image file format developed by Industrial Light Magic for the visual effects industry. Although images in the TIFF format are relatively rare, they are used extensively by photographers and graphic designers.
Security vulnerabilities that can allow hackers to access your device by sending you an iMessage are found in nearly every version of iOS and OS X, except the latest ones, report Forbes and Quartz.
It’s also worth remembering that as public beta software has not yet been commercially released by Apple, it will probably contain errors or inaccuracies and may not function as well as commercially released software. I/O is used to describe any program, operation or device that transfers data to or from a computer and to or from a peripheral device.
Alternatively, you can turn off iMessage and disable MMS messaging, meaning there will be no way for hackers to send you the dubious image file in a text message. Apple has already corrected the flaw with its latest operating system updates, which were rolled out on July 18.
The fact that the liability makes use of Apple’s API, which is intrinsic to a number of different apps, the threat can come from anywhere, from visiting a webpage to getting an iMessage. The worst part of the story is that the vulnerability can be exploited without explicit interaction with the user since most of these apps carry out automatic rendering of images immediately they are received. Until now, most Android devices are still vulnerable, QZ reported. Users are being warned after researchers at Cisco revealed a flaw in the older versions of Apple’s iOS and MacOS software that could allow hackers into their device.