Google Project Zero team found bugs that impacted Apple Image I/O

Apple has patched all of the flaws the Google Project Zero team discovered as of this month.

@ShaneMcGlaun
Published Wed, Apr 29 2020 12:02 PM CDT   |   Updated Sat, Aug 8 2020 10:29 AM CDT

The Google Project Zero team announced this week that it had discovered significant flaws in Apple's Image I/O that were likely candidates to be targeted by zero-click attack vectors. The bugs were discovered in Apple's Image I/O software, which ships with iOS, macOS, watchOS, and tvOS. The flaws were present on every major platform that Apple offers.

The Project Zero team withheld publication of the bugs until Apple had patched them. The team says that the Image I/O problems are linked to relatively well-known issues surrounding image format parsers. Flaws of this sort are commonly targeted by hackers because processing a malicious multimedia asset could let them run code on a target system without user interaction.

Google's team used a process called "fuzzing" to determine how the Image I/O framework responded to malformed image files. The team chose that particular technique because Apple restricts access to a majority of the tool's source code. During the research, the Google team successfully found six vulnerabilities in Image I/O, along with another eight vulnerabilities in OpenEXR, which is a third-party HDR image file format.

One of the Project Zero security researchers said that given enough effort, some of the vulnerabilities the team discovered could be exploited for remote code execution in a zero-click attack scenario. One member of the Google team recommended that Apple perform continuous "fuzz-testing" in system libraries and messenger apps, which are another popular attack avenue for multimedia-based attacks. Apple fixed the Image I/O flaws in security patches that it pushed out in January and April. Another Apple flaw, in the iOS Mail app, was recently announced and had been exploited in some cases.

NEWS SOURCE: appleinsider.com

Shane is a long time technology writer who has been writing full time for over a decade. Shane will cover all sorts of news for TweakTown including tech and other topics. When not writing about all things geeky, he can be found at the track teaching noobs how to race cars.
