Apple iOS
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*
This vulnerability is being actively exploited in the wild.
A buffer overflow vulnerability has been identified in the ImageIO component of Apple iOS, iPadOS, and macOS. This vulnerability arises from improper memory handling when processing maliciously crafted images, potentially leading to arbitrary code execution. The issue has been addressed in multiple recent updates, including iOS 16.6.1, iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, and macOS Big Sur 11.7.10. Apple is aware of reports suggesting that this vulnerability may have been actively exploited.
Processing a maliciously crafted image could cause a heap buffer overflow in ImageIO, allowing out-of-bounds memory writes. The resulting memory corruption could be used to execute arbitrary code.
Users can update to iOS 16.6.1, iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, or macOS Big Sur 11.7.10 to address this vulnerability.