It discovered that TIFF images rendered by applications using the Image I/O API can be exploited to gain access to a device.
Advertisement
A bug that was found by Cisco on Tuesday and first reported by MacWorld could let hackers roam freely into your iPhone, giving them access to pretty much anything in its storage, with a simple text message.
Apple highlights some of the vulnerabilities your phone is at risk for in its security page for the iOS 9.3.3 update – and oh boy do they sound bad! If an attacker were to send someone a MMS containing malicious code in any type of file format like TIFF, JPEG or PNG, then the code would start executing as soon as it was received.
Apparently, the vulnerability can be triggered by an app that makes use of the Apple Image I/O API as far as rendering TIFF images is concerned.
Apple Core Graphics API, Image I/O and Scene Kit are widely used by apps on the Apple OS X platform, which makes these vulnerabilities more risky.
The vulnerability has been compared to the Android Stagefright bug, that allowed hackers to infect up to one billion smartphones simply by sending an infected video file.
The flaw has been patched in the latest version of iOS, Apple’s mobile operating system, and OS X, the Mac operating system, so to protect your device, be sure and update to iOS 9.3.3 or El Capitan 10.11.6 if you haven’t already. The updates should be available now and will automatically download and prompt to install for the majority of users. In case that the latest iOS version is not installed, it is recommended to immediately update the operating system. That would mean, about 97 million devices are vulnerable to an attack. Apple usually rolls out with updates, but it is the iOS 9.3.3 that improves the performance and security of devices at once.
Advertisement
If you’re still feeling paranoid, you can turn off your MMS (Multimedia Messaging Service) in Settings Messages.
