The Other Apple Announcement, A Fix For A Zero-Click iMessage Bug 1

The Other Apple Announcement, A Fix For A Zero-Click iMessage Bug

General Tech
Spread the love
  • 1
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
The Other Apple Announcement, A Fix For A Zero-Click iMessage Bug 2

Patch That Unhackable iOS Device Before You Get … You Know

Amongst the hype of new iWatches, iPads and other shiny new iThangs it is possible you missed hearing about two bugs which Apple has just released patches for.  If you did miss that message, or simply haven’t acted on it you should get updating ASAP as neither bug is good to have.  There are attackers on the internet current exploiting both vulnerabilities, so the sooner the better.

The first is yet another co-click iMessage bug which will run code after you receive a malformed PDF document in iMessage.  You don’t even have to click anything to get infected, receiving the iMessage is enough to trigger the integer overflow and execute code.  The second involves Apple’s WebKit rendering engine, a malformed website can make use of a use-after-free vulnerability to execute arbitrary code on your device, again without you needing to interact with anything.

PC users should also peek at updates for Chrome as The Register’s article suggests, to avoid a set of vulnerabilities in that browser as well.