A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. This vulnerability can be triggered via malicious web page, MMS message, iMessage or a file attachment delivered by other means when opened in applications using the Apple Image I/O API.
Update, update, update.
This affects OSX El Capitan – 10.11.4 (the current version is 10.11.6) and iOS – 9.3.1 (the current version is 9.3.3).
Source: Cisco Talos – Talos 2016 0171