Opening a PDF on your iPhone could infect it with malware

… unless you’ve updated to iOS 9.3.

iOS 9.3 / PDF

There is a lot of attention being focused today on a flaw in Apple iMessages, which could allow an attacker to intercept your supposedly private messages and extract links to images and videos that you were trying to share securely with your contacts.

The security hole, discovered by researchers from Johns Hopkins University, is an important one to fix - and should be a good reason for you to update your iDevices to the newly-released iOS 9.3, which patches the problem.

However, it's not the only security fix released by Apple today as you can see in the chart below.

Security updates

Name and information linkAvailable for
OS X Server 5.1OS X Yosemite v10.10.5 and later
Safari 9.1OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3
OS X El Capitan v10.11.4 and Security Update 2016-002OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3
Xcode 7.3OS X El Capitan v10.11 and later
tvOS 9.2Apple TV (4th generation)
watchOS 2.2Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
iOS 9.3iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Plenty of reasons to update everything from OS X to your Apple Watch to your Apple TV there...

And if you take the time to read through the advisories you discover that there are additional compelling reasons to update your iPhones and iPads than just the iMessages encryption flaw.

Take this newly-announced security hole, for instance:

IOS security flaw

FontParser

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed through improved memory handling.

CVE-ID

CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)

In short, an attacker could send you a boobytrapped PDF that would cause malicious code to run on your iPhone.

Nasty.

Update your Apple technology folks.

Tags: , , ,

Subscribe to the free GCHQ newsletter

, , ,

Special offers & deals


  • PureVPN: Lifetime Subscription

    PureVPN: Lifetime Subscription

    Make sure your personal data and online activity aren't exposed. Encrypt your internet traffic and cover your tracks with PureVPN. Works with your PCs, Macs, iPhones, Androids, routers, gaming consoles, and Smart TVs. Connect up to 5 devices at once at top speeds.
  • Password Boss Premium Version: Lifetime subscription

    Password Boss Premium Version: Lifetime subscription

    All you need to do is remember one master password, and Password Boss will do the rest - remembering all of your different online passwords securely. Security and peace of mind. 86% off normal price!
  • Fancy becoming an ethical hacker?

    Fancy becoming an ethical hacker?

    Save 98% off the regular price and take advantage of IT Security & Ethical Hacking Certification Training for just $29. This course lays out a successful career path for you in the world of computer security.

More deals...

Leave a reply

Be the first to comment!

Notify of
avatar

wpDiscuz