Windows vulnerability enables remote PC access via iPhone video file

Apple iPhone owners who use Windows-based machines to view and edit video files are potentially at risk to remote hacking thanks to a vulnerability that exists in the way Microsoft’s operating system handles HEVC files.Discovered last week, the bug in Microsoft’s Windows Codecs Library can be exploited to take over and execute code on an unpatched host machine. The threat was flagged by the U.S. Cybersecurity and Infrastructure Security Agency on Friday.Like most remote attack vectors, users trigger arbitrary code execution by opening a specially designed payload, in this case an HEVC image file. Windows mishandles the codec, triggering what appears to be a memory overflow that enables system intrusion and, potentially, remote takeover.Read more…
Go to Source
Author: