A new vulnerability discovered by a Ciscoresearcher could allow hackers to gain access to the internal storage and stored passwords on your iOS or Mac device and all they’d have to do is send you a malicious image file.
Tyler Bohan of Cisco Talos found that a TIFF format file sent via MMS, email or placed on a webpage that a victim is guided to visit can hide malware which can run automatically, without being detected.
All Killer, No FillerWe’re bringing Momentum to New York: our newest event, showcasing only the best speakers and startups.
Find out more
In addition to beaming across your authentication credentials on iOS, Mac OS X, tvOS and watchOS, the vulnerability can also allow attackers to remotely control Macs which don’t support sandboxing.
Thankfully, these issues have been patched by Apple; you’ll need to update to the latest versions of their operating systems iOS 9.3.3, El Capitan 10.11.6, tvOS 9.2.2 and watchOS 2.2.2 to stay safe.
If this sounds familiar, it’s because the security flaw is eerily similar to the Stagefright vulnerability discovered in Android devices last year. After it was spotted last August, a second version was uncovered in which hardware could be compromised by sending across an audio file.
Vulnerability Spotlight: Apple Remote Code Execution With Image Files on Talos Blog
