Apple Security Bug Lets Hackers Nab Your Mac and iPhone Passwords With 1 Text

7 years, 8 months ago - July 23, 2016
appleiosiphonemac
Apple Security Bug Lets Hackers Nab Your Mac...
Apple software contains flaws that could allow hackers to steal people’s passwords by doing nothing more than sending a single nefarious message. Apple patched the vulnerabilities in its latest batch of software updates this week—still, it is incumbent upon people actually to download the updates. (Do it, yes!)

“This is very high severity issue,” Craig Williams, senior technical lead and head of global outreach at Cisco Talos, the networking giant’s threat intelligence division, told Fortune on a call. “The fact that you have an exploit without any user interaction makes me very concerned.”

The issues affect ImageIO, a programming interface that reads and writes image data. Here’s how an exploit could work: If an attacker were to send someone a booby-trapped multimedia message (MMS), for example, containing malicious code in a “tagged image file format” (abbreviated as TIFF, a format like JPEG or PNG), then the code would start executing as soon as it was received.

Ultimately, an attack could give a hacker access to portions of a computer’s memory, which could contain sensitive information, such as passwords and login credentials, Williams said. The issues affect recent versions of iPhone’s iOSMac’s OS X El CapitanApple TV’s tvOS, and Apple Watch’s watchOS software. (See the linked pages for more information, as well as this technical post on the Cisco Talos blog.)

“An attacker could send a thousand iMessages to victims and the second they turn their phones on they’re infected,” Williams added. In this way, the flaws recall the Stagefright vulnerabilities that affected Google’s GOOG 0.56% Android software last year—although the Android issues were more severe since they remained effectively unpatched for longer and gave hackers greater control over affected devices.

A word of advice? Patch up. “Exploitation wise, Talos estimates there is about a two-week effort to get from the information we disclosed publicly to a fully working exploit with a decent amount of reliability,” Tyler Bohan, the security researcher at Cisco Talos who uncovered and reported the bug, told Forbes Tuesday.

Another reason to patch up pronto: Another bug affecting Apple software—this one discovered by a Salesforce security engineer—lets snoops eavesdrop on FaceTime calls. The newly issued iOS 9.3.3 fixes that problem, too.

As with any security fixes, people “should apply the patch immediately,” Williams said.

Text by Fortune

We also recommend

How to use Messages in iOS 10, from special effects to iMessage apps

How to use Messages in iOS 10, from special effects to iMessage apps

Thanks to iOS 10, your Messages app is way more than a texting app. Way, way more. Now that the official release of iOS 10 is out, here’s your guide to using all the new features in Messages, from sending fullscreen effects to installing your third-party iMessage apps from your favorite services like Venmo, ESPN, and OpenTable.

7 years, 5 months ago

New iOS 10 security flaw makes it easier to crack iPhone backups

New iOS 10 security flaw makes it easier to crack iPhone backups

According to Forbes, Apple’s latest iOS release seems to have accidentally weakened the iPhone’s security, potentially allowing unauthorized access to localized backups.

7 years, 6 months ago

iOS 10 is surfacing hardcore porn GIFs in iMessage

iOS 10 is surfacing hardcore porn GIFs in iMessage

Apple is having trouble removing porn from iMessage's new GIF search feature. Overnight, Deadspin noticed a highly sexual My Little Pony GIF appearing in searches for the word "butt," but the problem goes well beyond that.

7 years, 7 months ago

Apple iOS 10: Should You Upgrade?

Apple iOS 10: Should You Upgrade?

It’s the big one. Apple iOS 10 has landed and it represents one of the biggest upgrades to iOS in recent years. But iOS 10 also kills off support for a number of older iPhones, iPads and iPod touch and it also suffered initial installation problems after release. So should you upgrade? Let’s take a look…

7 years, 7 months ago

Apple's iOS 10 iPhone and iPad update causing issues for some users

Apple's iOS 10 iPhone and iPad update causing issues for some users

Apple said the issue with the software update process that affected ‘a small number’ had since been fixed but users are still reporting problems

7 years, 7 months ago

Apple’s iOS 10 Is Available for Beta Testers Who Want a Head Start

Apple’s iOS 10 Is Available for Beta Testers Who Want a Head Start

Apple on Thursday released an early version of its next mobile operating system, which will deliver some of the most substantial changes to iPhones and iPads in years.

7 years, 9 months ago

Tags Cloud
actionadobeadventureanimationauto showBagatelle Mallbig dataBiographybolliwoodBollywoodbrandBusinesscareercinemaclubscomedyconcertconcertsconferencecontestcosplaycoursescrimedancingdata protectiondjdocumentarydramaEducationexcelexpofairfamilyfantasyfestivalfinanceshealthhi-techHorrorHRICTIndian Oceanindian singersInfotechinternetITj&j auditoriumjazzjob fairkreollawsleadershipmalaysiaMalaysia Education CentremanagementmarketingmauritiusmbamediationMGIMicrosoftmoviesMusicMysteryofficeopen daysoperaportpowerpointreggaeromancerunningsalonsci-fisciencesingersskillsSMesoftsoft skillssportSVICCSwami Vivekananda CentrethrillertourismtrainingtrainingsuomwordWorkshop