Apple Has Its Own Stagefright Vulnerability
Apple has released a patch for vulnerabilities affecting its iOS, iTunes, Safari, tvOS, OS X El Capitan and watchOS product lines. The update includes a patch for critical vulnerabilities in OS X and iOS that could permit remote code execution.
Tyler Bohan of the Cisco Talos team found the issues, which could be exploited by delivering a malformed image to victims as an email attachment, embedded in a webpage, or by means of MMS messages, iMessages, and all other types of applications.
Softpedia.com reported on July 20th, 2016, that the problem is that a few Apple products automatically try to process an image received from an attacker in order to create and present a thumbnail.
Once this happens, the Apple product loses control over the handling of its memory space, and the malicious code embedded in the image gets executed, enabling the attacker to take the reins of the device.
Tyler Bohan, Senior Security Researcher at Cisco Talos, discovered the flaws in the way the OS X platform processes image formats. They are comparable to the Stagefright vulnerabilities in Android devices that were discovered a year earlier by Joshua J. Drake of Zimperium zLabs. The iOS flaw allows almost undetectable password theft from iPhones.
Talos says that an attacker can deliver a payload that triggers the vulnerability using MMS messages, iMessages, malicious webpages, or other malicious file attachments.
Zscaler, a security firm, found a separate vulnerability affecting OS X El Capitan that allows applications without suitable privileges to gain unauthorized access to cookies stored in the Safari browser. Abhinav Bansal, Senior Software Engineer at Zscaler, wrote in a company blog post that "this access could result in a malicious application lifting all the persistent cookies for a given user and accessing sites posing as that user."
Marc Laliberte, information security threat analyst at WatchGuard Technologies, says that several of the updates involved situations where Apple discovered more related vulnerabilities following a vulnerability report disclosed by external researchers. He sent an email to SCMagazine.com stating that "while investigating further into a reported vulnerability should be the status quo, that isn't always the case".
» SPAMfighter News - 7/22/2016