{"id":15321,"date":"2016-07-24T15:25:20","date_gmt":"2016-07-24T19:25:20","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=15321"},"modified":"2021-07-06T17:06:33","modified_gmt":"2021-07-06T21:06:33","slug":"remote-code-execution-with-image-files","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2016\/07\/24\/remote-code-execution-with-image-files\/","title":{"rendered":"Remote Code Execution With Image Files"},"content":{"rendered":"<p><a href=\"http:\/\/www.talosintelligence.com\/reports\/TALOS-2016-0171\/\">CVE-2016-4631<\/a> (<a href=\"https:\/\/news.ycombinator.com\/item?id=12131920\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"http:\/\/www.talosintelligence.com\/reports\/TALOS-2016-0171\/\"><p>An exploitable heap based buffer overflow exists in the handling of TIFF images on Apple OS X and iOS operating systems. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. This vulnerability can be triggered via malicious web page, MMS message, iMessage or a file attachment delivered by other means when opened in applications using the Apple Image I\/O API.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/news.ycombinator.com\/item?id=12134776\">JonathonW<\/a>:<\/p>\n<blockquote cite=\"https:\/\/news.ycombinator.com\/item?id=12134776\"><p>I was about to post that these exploits should be substantially mitigated by iOS sandboxing (you can get arbitrary code execution, but can&rsquo;t get out of the exploited process&rsquo;s sandbox without a second exploit), but then saw <a href=\"http:\/\/www.securityfocus.com\/bid\/91831\">CVE-2016-4627<\/a> also in the 9.3.3 release notes, which is a local privilege escalation exploit that allows arbitrary code execution with kernel privileges.<\/p><\/blockquote>\n\n<p>It&rsquo;s fixed in Mac OS X 10.11.6 and iOS 9.3.3.<\/p>","protected":false},"excerpt":{"rendered":"<p>CVE-2016-4631 (Hacker News): An exploitable heap based buffer overflow exists in the handling of TIFF images on Apple OS X and iOS operating systems. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. This vulnerability can be triggered via malicious web page, MMS message, iMessage or a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2021-07-06T21:06:37Z","apple_news_api_id":"a63b7bfa-e787-4789-a10f-b9f5379b3679","apple_news_api_modified_at":"2021-07-06T21:06:38Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/Apjt7-ueHR4mhD7n1N5s2eQ","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[131,2095,619,1137,1199,178,53,48],"class_list":["post-15321","post","type-post","status-publish","format-standard","hentry","category-technology","tag-bug","tag-exploit","tag-graphics","tag-ios-9","tag-mac-os-x-10-11","tag-quartz","tag-sandboxing","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/15321","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=15321"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/15321\/revisions"}],"predecessor-version":[{"id":15322,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/15321\/revisions\/15322"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=15321"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=15321"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=15321"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}