This iOS Flaw Allows Hackers to Access Your iPhone via iMessage

Security experts have recently found several remote code execution vulnerabilities in iOS and OS X. The vulnerabilities could allow cyber criminals to compromise Apple devices using specially developed image files.

According to a researcher from Cisco, who discovered the flaw, a hacker could send you a .TIF file (which is a photo file, like .jpg) that, when received, can execute code that gives the hacker access to your device’s internal storage and stored passwords.

Tyler Bohan, Senior Security Researcher at Cisco Talos, discovered the flaws in the image processing format of the OS X platform.

So Apple urges you to update to iOS 9.3.3 as soon as possible.

To update iOS on your iPhone or iPad, go to Settings > General > Software Update. These operating systems are said to be vulnerable to malware that’s been embedded in an image file.

However, if you’re an Apple user, be assured that your device will automatically notify you of and download updates to keep you safe from such malicious bugs.

Most apps on, say, an iPhone, use the Image I/O API to render pictures, including Messages, MMS, Safari, Mail and others, making them susceptible to attacks. However, this is one update you don’t want to ignore.

The problem is not entirely unlike the Stagefright bug that hit the world’s Android users last year.

OS X Mavericks 10.9.5, Yosemite 10.10.5 and El Capitan 10.11.5 are the main victims of these exploits, but Digital Asset Exchange also has problems with El Capitan 10.11.4.

Here’s how the attack works: A hacker creates malware that’s formatted as a TIFF file, which is just another image format like JPG or GIF.

Cisco waited for Apple to release a patch before unveiling the details about the security vulnerability. That’s due to the fact that the responsibility of issuing bug fixes often falls to the smartphone maker and carrier, which they don’t always issue for older or less “premium” devices, of which there are many. Make sure you have updated your device’s software to the latest version to avoid this vulnerability. Apple Watch owners must see to it that their smartwatch is running version 2.2.2.

Himanshu Mehra		@MehraHimanshu