Apple released the iOS 9.3.3 update, fixing a number of vulnerabilities. Among them is a serious vulnerability similar to Stagefright for Android, which we wrote about earlier. The Stagefright vulnerability allowed remote code execution on an Android device without the user even opening the message; simply receiving it was enough. A similar vulnerability, with the identifier CVE-2016-4631, has now been fixed in iOS (ImageIO component).
To exploit the vulnerability, an attacker simply sends a specially crafted multimedia file to the iPhone in an MMS message. After the message is received, code is executed on the user's smartphone that can steal the user's account data from memory. To gain complete control over the device, however, the attacker needs an additional local privilege escalation (LPE) exploit that provides root rights in the system.
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple memory corruption issues.
CVE-2016-4631: Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)
Several vulnerabilities were also closed in the iOS kernel. The vulnerabilities CVE-2016-1863, CVE-2016-4653 and CVE-2016-4582 can be used by attackers for remote code execution with system privileges. Another vulnerability, CVE-2016-1865, is a denial-of-service issue that could allow an attacker to provoke a system hang.
Vulnerabilities in the system component IOAcceleratorFamily can also be used to remotely execute code with system privileges.
We encourage users to update their devices. The update is available for iPhone 4s+, iPod touch 5+, iPad 2.
Be secure.