Major security flaw could allow hackers to access iPhones

There’s a new warning for Apple iPhone and Mac users about a security vulnerability that could let a hacker infiltrate your device by sending you a rogue iMessage.

The issue was recently uncovered by Cisco Talos, a threat intelligence organization.

The vulnerability has been found in Apple’s picture-handling Image I/O API, meaning that hackers using a maliciously crafted Tagged Image File Format (TIFF) file can break through Apple’s security and run their own code on a device.

‘This means that an attacker could deliver a payload that successfully exploits this vulnerability using a wide range of potential attack vectors including iMessages, malicious web pages, MMS messages, or other malicious file attachments opened by any application that makes use of the Apple Image I/O API for rendering these types of files’.

The image file types which place Mac and iOS users at risk are .tiff, often used in publishing, OpenEXR, Digital Asset Exchange file format XML files, and BMP images. These vulnerabilities are comparable to the Stagefright vulnerabilities in Android devices that were discovered a year ago by Joshua J. Drake of Zimperium zLabs.

The security experts also explained that the “vulnerability is potentially exploitable through methods that do not require explicit user interaction”. The latest version of OS X is El Capitan 10.11.6, and it is compatible with most Mac laptops and desktops dating back to mid-2007. Because Android is spread out among several manufacturers with a relatively lax install base (which Tim Cook loves to point out), security updates can be painfully slow going.

The U.S. tech firm only made the updates, iOS 9.3.3 and the latest OS X, available on Thursday, 21 July.

Here’s how to check if your device’s operating system is up-to-date, and safe from the exploit.

Simply navigate to Settings > General > Software Update to find out whether a new iOS beta is available to download.

Fortunately, Apple has patched the bug in its latest updates.

So: if you have an iPhone or iPad, please get it on iOS 9.3.3 as soon as possible. Just as in the case of Android’s Stagefright, users don’t have to do anything for the malicious software to start working.