MacDirectory Magazine

Sam Nassour

MacDirectory magazine is the premier creative lifestyle magazine for Apple enthusiasts featuring interviews, in-depth tech reviews, Apple news, insights, latest Apple patents, apps, market analysis, entertainment and more.

Issue link: https://digital.macdirectory.com/i/1256627


Google Finds Zero-Click Bugs Affecting iOS, macOS, and More

By SecureMac.com

This week, Google researchers announced that they had discovered multiple "zero-click" bugs in Apple's image-processing framework. Such vulnerabilities could potentially be used to develop exploits that would allow attackers to execute code on a target device without any user interaction required.

In this short piece, we'll tell you what Google found, explain some key terms in their report, and let you know what it means for you.

What's a framework?

The researchers discovered six vulnerabilities affecting Apple's Image I/O framework, and eight additional vulnerabilities in the associated open-source OpenEXR image parsing library. Let's take a moment to understand what that means.

When software developers write code for their apps, they don't reinvent the wheel every single time. Instead, they make use of repositories of pre-existing code — called frameworks and libraries — in order to save time and build better software. If they're writing an application for use on someone else's platform, they can use that platform's frameworks to give their app the functionality it needs.

Millions of third-party developers write apps for Apple's platforms, and the company offers various frameworks for them to use. Image I/O is one such framework. It allows apps to read and write image file formats. For example, if you were developing a new macOS messenger application, and wanted it to be able to send GIFs and JPEGs, you would use the Image I/O framework to help your app read and write those file types.

OpenEXR is something similar. It is a collection of resources — a library — that can be used to process EXR files, a type of high-quality image file used in animation and professional video production.

By handing image processing off to Apple, developers can save time and — theoretically — build more secure software. But the catch is that they're relying on Image I/O to process image file data safely. And as the Google researchers discovered, that wasn't happening.

What did Google find?

So what went wrong with Image I/O and OpenEXR? It seems that they were unable to handle certain types of unexpected input. When they
