Why you should update to the latest versions of Apple operating systems ASAP?
A Cisco researcher has highlighted vulnerabilities in iOS, OS X, tvOS, and watchOS. These operating systems are said to be vulnerable to malware that's been embedded in an image file. The malware, which can allegedly run undetected, allows the attacker to achieve remote code execution on the infected system.Cisco Talos' Tyler Bohan said that users could receive the file via MMS or email, or even be exposed to it when it's placed on a malicious webpage. The remote code execution vulnerabilities were found in the way Apple operating systems access image data using APIs - specifically, Apple Core Graphics API, Scene Kit, and Image I/O.
Image formats that can be used to exploit these vulnerabilities are tiff (tagged image file format), bmp (bitmap), dae (digital asset exchange), and OpenEXR. While the tiff and bmp formats can infect OS X, iOS, watchOS, and tvOS; OpenEXR and dae can infect only OS X machines. Luckily for users of the above-mentioned Apple operating systems, the Cupertino-based company has patched all the vulnerabilities in the latest versions - iOS 9.3.3, OS X El Capitan v10.11.6, TvOS 9.2.2, and WatchOS 2.2.2. If you are currently running a version older than these, it is highly recommended you update to the latest version to avoid the vulnerabilities.
Bohan on the Talos Intelligence blog post described why the vulnerabilities are especially bad. "Image files are an excellent vector for attacks since they can be easily distributed over Web or email traffic without raising the suspicion of the recipient. These vulnerabilities are all the more dangerous because Apple Core Graphics API, Scene Kit and Image I/O are used widely by software on the Apple OS X platform," he said.Cisco on the long term have been known to take user securities very strictly and something like this should be more of a serious alarm bells than just warning signs. Hence, even the United States defence have now decided that the Samsung Note 2s that most of the armymen/women have been provided, have now been replaced with iPhones 6s due to widely popular phones and of course their state of the art user privacy and security offerings that Apple have to let users know, that Apple have always been superior in terms of security over other operating systems and phone manufacturers even including Google.
But however, times have changed and now Google's latest flagship phones or the ever widely popular "nexus" line-up of recent smartphones are now being the most secure competitors in response to Apple's smartphone offerings. However, Google are yet to bring out phones manufactured by themselves rather than rely upon third party manufacturers as 'associate partners' like how Google are proceeding things right now.