Do your friends send you songs on your iPhone? If you do, you need to consider if the sender is trustworthy before opening.
An anonymous hacker working with Trend Micro’s Zero Day Initiative (ZDI) disclosed bugs, which affects Apple TV and watchOS too. Defined as a memory corruption flaw, it allowed malicious code to run as soon as an audio file ran on its phones.
This bug is similar to an exploit of Google’s Android operating system back in 2015, when researchers discovered they could hide exploit code in MP3s and MP4s. The problems derived from the way Android processed metadata within music files.
Apple said it had addressed the problem with “improved input validation.” For undisclosed reasons, ZDI wasn’t permitted to talk about the bugs until today.
However, Apple has killed this vulnerability and more with iOS 10.3. Apple said it had addressed the problem with “improved input validation.”
Google, whose Project Zero staffer Gal Beniamini discovered the bug, hadn’t provided more information on what the attack entailed. A full explanation of that issue was later published by Beniamini.
The tech giant also released iOS 10.3.1 with a fix for a weakness that meant an attacker within range could have executed malicious code on the phone’s Wi-Fi chip.