China’s National Vulnerability Database warns of high-risk out-of-bounds write vulnerability in Apple operating systems
Published: Sep 10, 2025 07:35 PM
cyber security Photo: VCG

China's National Vulnerability Database (NVDB), a cybersecurity platform under the Ministry of Industry and Information Technology (MIIT), announced on Wednesday that it has detected a high-risk out-of-bounds write vulnerability in Apple's iOS, iPadOS and macOS systems, which has already been exploited in cyberattacks.

NVDB said that iOS, iPadOS, and macOS, operating systems developed by the US company Apple, contain an out-of-bounds write vulnerability in the ImageIO framework. Processing a malicious image file could lead to memory corruption. 

Apple has since fixed the vulnerability and issued a security advisory, NVDB said. Relevant organizations and users are advised to promptly conduct risk assessments and update to the latest secure versions to guard against potential cyberattacks.

Ma Jihua, a veteran telecom analyst, told the Global Times on Wednesday that the Apple vulnerability stems from flaws in its graphics processing code, which can be maliciously exploited. When the software processes deliberately designed graphics, it may misplace information into other memory spaces, potentially corrupting or overwriting critical data. "This loophole could even give hackers a backdoor to break into the system," he said.

He noted that MIIT's proactive reminder signals a shift in national security management from post-incident remedies to pre-emptive prevention, especially in key supply chain links. "For core software like Apple's operating system, once a security risk emerges, the consequences are enormous. The ministry's early intervention is crucial to safeguarding China's new industrialization," Ma added.

Liu Dingding, a Beijing-based independent tech analyst, stressed that the issue goes beyond one piece of software or hardware, pointing to the need for an end-to-end domestic ecosystem to avoid foreign chokeholds. 

"Apple should respond quickly to patch the vulnerability, but the long-term solution is to build a fully independent and controllable system - from operating systems to CPUs and applications - so that every link of the chain is secure and no longer subject to external risks," Liu noted.

Global Times