> On Aug 2, 2016, at 12:26 PM, Arno Hautala <[email protected]> wrote: > > Not so much... Malware can indeed be contained in an image. > > http://9to5mac.com/2016/07/22/stagefright-mac-iphone-ipad/
Agreed, in part. Stagefright was real malware that delivered real malicious code, but not to Apple devices. The Apple "proof of concept" hack they compared it with proved only that it was possible for a malformed TIFF to trash the heap. I guess you could call this malware in itself, but of a very low order (no one showed it could reveal data or deliver malicious code). The claim that this hack could "ultimately achieve remote code execution" is a bit too underpants-gnomish for me: 1) Discover IP address of NSA computer 2) ? 3) Total World Domination! The only thing the two hacks have in common is that the triggering mechanism was a malformed non-executable (data) file. Apple fixed its minor risk immediately, Android took months fumbling to find a fix that worked. _______________________________________________ MacOSX-talk mailing list [email protected] http://www.omnigroup.com/mailman/listinfo/macosx-talk
