Stagefright-Like Vulnerability Hits Apple Devices

Keep in mind that the security experts think that the weakness affects both iOS 9.3.2 and OS X 10.11.5, and there is a high chance that all previous versions are also exposed. TIFF is a file format that is popular with graphic artists, photographers and the publishing industry because of its ability to store images in a lossless format.

Bohan calls the TIFF vulnerability “especially concerning” as it can be triggered in any application that makes use of the Apple Image I/O API when rendering tiled TIFFs (i.e. quite a lot). Left unaddressed, the flaw could let hackers and other third-party tools open Apple fans up to some very easy methods of device exploitation.

The image files that place Mac and iOS users at risk are .tiff, often used in publishing, OpenEXR, Digital Asset Exchange file format XML files, and BMP images. The worst part of the story is that the vulnerability can be exploited without explicit user interaction, since most of these apps render images automatically as soon as they are received.

These are iOS 9.3.3 and El Capitan 10.11.6. Sending crafted multimedia messages, email attachments or web pages to an Android phone could give a hacker complete control of the device. The firm goes on to explain that image files are an excellent attack vector because of how easily they can be transferred online without drawing the attention of the person being attacked. iOS 9.3.3 fixes a flaw similar to the Stagefright vulnerability that plagued over a billion Android devices in 2015, The Country Caller reported.

The good news is that Apple did patch the image exploit before it had a chance to become more than a proof of concept, and the Talos crew waited until the patch was out to publish their findings. Any OS X update will show up here if you need to install one.

The bug’s concept is almost identical to the Android Stagefright bug that was also discovered by Cisco last year. Few people consider an image or video to be risky, but these files can easily be exploited and “weaponised”.

Or you can turn off iMessage by going to Settings, then Messages, and sliding the iMessage tab to ‘off’.