Monday, October 24, Apple released a software update for iPhone, iPad, Mac, Apple Watch and Apple TV. The release of iOS 10.1 in addition to the functional innovations was closed a dangerous vulnerability that allows to control iPhone and iPad with a JPEG or PDF file.
In total, 10.1 iOS Apple has fixed 12 vulnerabilities, among which a dangerous gap detected by the Tencent staff KeenLab. Proekspluatirovat flaw CVE-2016-4673, the attacker can remotely execute code and gain control over the mobile device. For the successful implementation of the attack, the attacker enough to force a victim to open a JPEG file or a PDF with malicious code.
The update also fixes CVE-2016-4677 and CVE-2016-4666 in the engine to display web pages and WebKit that could allow remote code execution, CVE-2016-4686, which enables applications to query data from the Address book, even if they do not have such access.
In addition, iOS fixed CVE-2016-4635, using which an attacker is able to intercept the audio signal transmitted via a FaceTime camera. The user is sure that the call is completed long ago.
Note that Apple has removed the threat of the bugs and update the macOS Sierra 10.12.1, which debuted along with iOS 10.1. Desktop release fixes 16 vulnerabilities Mac. In particular, fixes two security flaws that could allow remote code execution. An attacker could remember proekspluatirovat CVE-2016-4667 by using font files, and CVE-2016-4671 – using PDF files. Also fixed a security issue in the drivers for Nvidia (CVE-2016-4663) and a vulnerability that allows to know the number of characters in the user password (CVE-2016-4670).
Experts recommend that as soon as possible to install iOS 10.1 and macOS Sierra 10.12.1 for iPhone, iPad and Mac to protect the device from potential attacks.