Those who often use Windows to view or edit their Apple iPhone video files are at risk to remote hacking due to a vulnerability existing in Microsoft's operating system.
Apple iPhone users who are fond of using Windows-based devices to view and edit their video files need to be aware that they are at risk to remote hacking because of vulnerability in the way the operating system of Microsoft deals with HEVC files. Hackers can use this weakness to access the PC remotely through the iPhone video file.
The bug, recently discovered in Microsoft's Windows Codecs Library, allow hackers to exploit and take over an unpatched host machine and at the same time, allow them to run their own codes. The U.S. Cybersecurity and Infrastructure Security Agency flagged the threat on Friday and said that Apple iPhone owners who use Windows-based computers to view and edit their video files should be aware of this vulnerability and the risk of having their PC's accessed remotely.
Just like many remote attack paths, hackers trigger an arbitrary code execution through the launch of a specially-designed payload, which in this particular situation is an HEVC image file. Windows handles the codec wrongly, triggering what seems like a memory overflow that permits system intrusion and likely remote access. In an article published on the PC World, Apple iPhone users are particularly vulnerable to hacks or remote access that take advantage of flaws or vulnerability in Windows, as recent versions of the handset depend heavily on HEVC for video recording.
Apple has offered the coded since the launch of the iPhone 7 several years ago and became the smartphone's standard high-resolution video file format since the release of iOS 11. HEVC assets are required if users wanted to view or edit their videos on a Windows machines, although it was only recently that the vulnerability that exposed Apple iPhone users at risk to remote PC access when they use Windows-based machines to view or edit their video files.
In addition, longtime iPhone owners often send or receive HEVC video attachments or see this particular file format online, which means it is not likely to raise red flags. It is only now that the vulnerability in Windows which allows hackers to remotely access PCs used by Apple iPhone owners to watch or edit their video files came to light. Users who downloaded HEVC manually or "HEVC from Device Manufacturer" codecs from Microsoft are likewise vulnerable to similar attacks. A patch for the vulnerability is already available for download. Microsoft said that versions that are safe for use include 1.0.32762.0, 1.0.32763.0, and later. You can download these from Microsoft's online store.
