Perhaps I've just missed this in the reports, but is there any analysis on how this is impacted by sandboxing?
Apple tends to keep things pretty locked down and isolated, and while Stagefright was a Go Directly to Root kind of exploit, I'm curious whether this has the same risk. Can a bad TIFF file delivered via iMessage actually break out of iMessage? "Ultimately, an attack could give a hacker access to portions of a computerâ(TM)s memory" is not very descriptive here.
Side note: why the heck is anyone still supporting TIFF as a built-in image format. The TIFF standard is so complex that it has been the source of an innumerable number of security exploits over the years. It's a very risky format to support for exactly this reason.