AppleRansomCisco researchers have discovered vulnerability in the way that Mac devices process image formats.  TIFF image files are data rich and typically used by publishers or designers, unfortunately, these images can contain more than just image data.  Because of how Apple processes image data, TIFF files can be used to run malware automatically, without being detected.

While TIFF images impose the greatest risk from this vulnerability, the Cisco researcher stress that it is not exclusive to that file format. OpenEXR, Digital Asset Exchange file format XML files, and BMP images are also vulnerable to the exploit.  The problem stems from the way that many applications bundled into the Apple operating systems use and display data.  iMessage for example, a basic instant messaging app, automatically attempts to render images once they are received.  Since large format image files are designed to contain more than just pixel information, it is possible to conceal links and executables within them.  Once received, the malware contained within these images can activate even without the users consent.

The remote code execution vulnerability has been shown to effect iOS, Mac OS X, tvOS and WatchOS.  The good news is that Apple is already aware of the vulnerability and has issues patches to address the issue.  All Apple device users should upgrade to the latest versions of their operating systems – iOS 9.3.3, El Capitan 10.11.6, tvOS 9.2.2 and watchOS 2.2.2 – to stay safe.

– Richard Keene
IT Computer Support of New York
Webmaster and Lead Designer