SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Apple Issues iOS 10.1 to Patch a Critical Web Content Vulnerability

Posted on November 11, 2016

In its newest push to make its iOS products safer, Apple has released iOS update 10.1, featuring an array of twelve different patches for various parts of the system. While details on many of these patches are scant at best, we do know one of the major vulnerabilities patched in this update. Apple took extra steps to close a loophole that could allow what it terms “maliciously crafted web content” to exploit and hijack iOS devices. What exactly does that mean? Put simply; there was a risk that viewing an infected JPEG image could harm your iPhone.

How is this possible? In fact, it’s very simple to hide other types of data inside a JPEG image. In the past, people used this for fun tricks like a picture that also contained a music file. Today, however, there is always the risk that someone may be trying to hide malicious code inside innocent-looking images. On a patched system, viewing such an image likely would have no result. Before the iOS 10.1 patch, however, a user opening a malicious JPEG might have been able to open it without even knowing they were at risk.

When you view a JPEG containing malicious content on iPhone, for example, it exploits a memory error. Through this error, the code gains full access to your device and can then execute arbitrary code as it likes. In other words, it can hijack your phone! Avoiding this issue is tough because there is no way to tell if a JPEG is a potential threat immediately. All iPhone users should strongly consider applying this update as soon as possible to protect themselves. Remember to create a backup of your phone’s data before applying any patches. However, there is one caveat about this patch to note.

Unfortunately, some additional issues appeared during the rollout of iOS 10.1. A subset of users are now experiencing increased battery consumption and a consistent power drain with 10.1, perhaps as a result of some of the added security. As with previous updates, consider power cycling your device to see if this corrects the issue. We’ll continue to wait and see whether Apple releases a subsequent patch to aid in fixing the battery issue. For now, at least, you can rest easier knowing that there’s no risk of infection on your phone just from looking at online images.

Join our mailing list for the latest security news and deals