Apple fixes bug that lets hackers take control of iPhone, Apple Watch and Mac

The CoreGraphics bug allowed hackers to take over Apple devices just by showing a picture

A close up shot of a MacBook keyboard

Apple's latest update fixes a bug that lets hackers take over iPhones, iPads and Macs after showing a picture to users.

The bug, called CoreGraphics, and was disclosed yesterday by security specialist Marco Grassi, of Keen Lab.

In an advisory on Apple's support forum, the tech giant warned that the flaw allows hackers to create a jpeg file that takes advantage of a memory bug, running code on the user's device when it displays a hacked picture.

All it took was for users of an Apple device to open a jpeg or PDF file that contained the malicious code, and hackers would be allowed control over their device.

Attackers could launch the attack remotely, with no form of authentication required.

Apple's iOS 10.1 software update contains a fix for this bug, and is available for iPhone 5 and later generations of iPhones, iPad 4 and later generations, and iPod touch 6 and later generations.

Other updates for Apple watchOS, macOS and tvOS also appear to solve the problem.

For those running iOS, the release includes updates that tackle 12 CVE-listed security vulnerabilities.

IT Pro approached Apple for comment, but had received none at the time of publication.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

Apple opens all US stores for the first time in a year
business transformation

Apple opens all US stores for the first time in a year

2 Mar 2021
Malicious ‘dependency confusion’ packages are stealing password files
hacking

Malicious ‘dependency confusion’ packages are stealing password files

2 Mar 2021
AOL users are the target of a new phishing campaign
phishing

AOL users are the target of a new phishing campaign

1 Mar 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021