The Other Apple Announcement, A Fix For A Zero-Click iMessage Bug
Patch That Unhackable iOS Device Before You Get … You Know
Amongst the hype of new iWatches, iPads and other shiny new iThangs it is possible you missed hearing about two bugs which Apple has just released patches for. If you did miss that message, or simply haven’t acted on it you should get updating ASAP as neither bug is good to have. There are attackers on the internet current exploiting both vulnerabilities, so the sooner the better.
The first is yet another co-click iMessage bug which will run code after you receive a malformed PDF document in iMessage. You don’t even have to click anything to get infected, receiving the iMessage is enough to trigger the integer overflow and execute code. The second involves Apple’s WebKit rendering engine, a malformed website can make use of a use-after-free vulnerability to execute arbitrary code on your device, again without you needing to interact with anything.
PC users should also peek at updates for Chrome as The Register’s article suggests, to avoid a set of vulnerabilities in that browser as well.
Apple on Monday issued security patches for its mobile and desktop operating systems, and for its WebKit browser engine, to address two security flaws, at least one of which was, it is said, used by autocratic governments to spy on human rights advocates.