this post was submitted on 26 Mar 2024
28 points (91.2% liked)
Apple
17450 readers
152 users here now
Welcome
to the largest Apple community on Lemmy. This is the place where we talk about everything Apple, from iOS to the exciting upcoming Apple Vision Pro. Feel free to join the discussion!
Rules:
- No NSFW Content
- No Hate Speech or Personal Attacks
- No Ads / Spamming
Self promotion is only allowed in the pinned monthly thread
Communities of Interest:
Apple Hardware
Apple TV
Apple Watch
iPad
iPhone
Mac
Vintage Apple
Apple Software
iOS
iPadOS
macOS
tvOS
watchOS
Shortcuts
Xcode
Community banner courtesy of u/Antsomnia.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Wow!! That is pretty fuc*ed up: Impact: Processing an image may lead to arbitrary code execution
The very first jailbreak was from a similar exploit, so all someone has to do was visit a website via safari, drag the ever so familiar slide to unlock slider across, triggering the said image to be loaded, and jailbreak the device.
Render time arbitrary execution bugs have also existed in fonts and other benign sounding media types, on all OS and platforms. This is really not that special and is just another high impact security bug that got patched.
It would load a PDF in safari. Back in the good old days of jailbreak.me.
I thought it was reference to tiff in a png? It's been far too long, but you're right, PDF was certainly also a vector in a slightly later incarnation I remember :)