We all know by now that Apple’s iOS 10.1 firmware enabled the fantastic new Portrait mode for iPhone 7 Plus owners, among some other things, but it looks as though the improvements and fixes were more than just camera-based.

The most recent firmware revision, which is available right now as a software update for compatible iPhone and iPad owners, also includes security fixes and patches that help protect devices against malicious JPEG files with embedded code designed to execute on a device running a vulnerable version of iOS.


The enabling of the highly anticipated Portrait mode is one of the most talked about aspects of iOS 10.1, and rightly so given how important a feature it is for iPhone 7 Plus owners with access to that iSight-Duo camera. However, when the release notes actually stipulate that it’s also packed with bug fixes, enhancements, and security patches, they couldn’t be more accurate this time around.

Apple has clearly identified – through an external source – an issue whereby pre-iOS 10.1 devices are subject to manipulation via a targeted JPEG that contains embedded malicious code designed to execute when it makes itself at home on the host device. It would appear that any infected image could act as a backdoor of sorts to the device itself, with the chance that any would-be attackers responsible for the code would then be able to access information and extract it from the iPhone or iPad.

Apple addresses this as part of the information pertaining to the security aspect of iOS 10.1, noting that “viewing a maliciously crafted JPEG file may lead to arbitrary code execution” on the device. When you see the words “malicious” and “code execution” written down in Apple’s own security documentation, you know it’s probably time to take the update seriously and make sure that the vulnerability is patched with an immediate update to iOS 10.1.

CoreGraphics

- Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
- Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution
- Description: A memory corruption issue was addressed through improved memory handling.
- CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent


The JPEG image fix is just one security update of many in iOS 10.1, with Apple also including patches to prevent “an attacker in a privileged network position” from being able to continue receiving audio after a FaceTime call has been terminated. Check out the full Apple security document outlining all of the iOS 10.1 security patches for more information here.

Jailbreakers who are still on iOS 9.3.3 may want to know that there’s currently no jailbreak available for iOS 9.3.5-iOS 10.1 firmwares.
