Cisco Talos security researchers have unveiled security vulnerabilities (CVEs) which could compromise Mac OS X devices. The flaws enable attackers to harvest the user’s data and can lead to remote code execution and device hijacking. The total number of the disclosed vulnerabilities is 5.
Meet CVE-2016-4631, CVE-2016-4629, CVE-2016-4630, CVE-2016-1850 and CVE-2016-4637
The cause for all 5 flaws is in the way that Apple processes image formats. Apple provides APIs as interfaces for the purpose of accessing images, and the flaws are related to that system.
The dangers are particularly associated with .tiff (TIFF) files used in publishing, OpenEXR, Digital Asset Exchange file format XML files, and BMP images.
More about CVE-2016-4631 and the .tiff (TIFF) File Format
Because of its ability to store images with lossless compression, the Tagged Image File Format is especially popular among graphic designers, artists and photographers. Researchers explain that TIFF was created in the mid-1980s as an attempt to establish a common file format for scanned images. Researchers at Talos discovered an issue in the way the Image I/O API parses and handles tiled TIFF image files.
When rendered by applications that use the Image I/O API, a specially crafted TIFF image file can be used to create a heap based buffer overflow and ultimately achieve remote code execution on vulnerable systems and devices.
CVE-2016-4631 can be activated in any app that uses the Apple Image I/O API when rendering TIFF images.
In other words, attackers have plenty of opportunities to take advantage of this security loophole: iMessages, compromised web pages, MMS, and malicious file attachments are all rendered with the help of the Apple Image I/O API.
More about CVE-2016-4629, CVE-2016-4630 and OpenEXR File Format
OpenEXR is a high dynamic range image file format. The format has been developed for application in the visual effects industry and is widely popular for professional computer graphics. The format allows for a lot of flexibility in the bit depth of information held in pixels, researchers note. The bad part is that a malicious OpenEXR file can be created that abuses this flexibility to cause Apple Image I/O to write the information contained within the image to memory outside of the intended destination buffer.
More about CVE-2016-1850 and Digital Asset Exchange File Format
Basically, the Digital Asset Exchange format is an XML file format used for exchanging files between digital content creation apps.
It is possible to pass a specially created Digital Asset Exchange file to Scene Kit so that the framework accesses an object of one type, believing it to be of another type. In these circumstances it is possible to perform operations on the incorrectly typed object that access out of bounds memory. This vulnerability can be exploited to then cause remote code execution on the device.
More about CVE-2016-4637 and the BMP File Format
It’s a long-standing and straightforward file format in terms of its structure. The BMP file header contains information about the size, layout, and type of the image. Researchers say that an issue exists within the way that the height property of an image is handled.
This can be exploited when a specially crafted BMP image file is saved, then opened and part of the size information is manipulated. The exploit leads to an out of bounds write resulting in remote code execution when opened in any application using the Apple Core Graphics API.
Has Apple Fixed the Vulnerabilities?
Apple has already patched all 5 issues in the latest versions of iOS, Mac OS X, tvOS and watchOS. Users should update their software to receive the fixes.