Doing Business | IT & Technologies

July 23, 2016

Apple Security Bug Lets Hackers Nab Your Mac and iPhone Passwords With 1 Text

Apple software contains flaws that could allow hackers to steal people’s passwords by doing nothing more than sending a single nefarious message. Apple patched the vulnerabilities in its latest batch of software updates this week—still, it is incumbent upon people actually to download the updates. (Do it, yes!)

“This is very high severity issue,” Craig Williams, senior technical lead and head of global outreach at Cisco Talos, the networking giant’s threat intelligence division, told Fortune on a call. “The fact that you have an exploit without any user interaction makes me very concerned.”

The issues affect ImageIO, a programming interface that reads and writes image data. Here’s how an exploit could work: If an attacker were to send someone a booby-trapped multimedia message (MMS), for example, containing malicious code in a “tagged image file format” (abbreviated as TIFF, a format like JPEG or PNG), then the code would start executing as soon as it was received.

Ultimately, an attack could give a hacker access to portions of a computer’s memory, which could contain sensitive information, such as passwords and login credentials, Williams said. The issues affect recent versions of iPhone’s iOSMac’s OS X El CapitanApple TV’s tvOS, and Apple Watch’s watchOS software. (See the linked pages for more information, as well as this technical post on the Cisco Talos blog.)

“An attacker could send a thousand iMessages to victims and the second they turn their phones on they’re infected,” Williams added. In this way, the flaws recall the Stagefright vulnerabilities that affected Google’s GOOG 0.56% Android software last year—although the Android issues were more severe since they remained effectively unpatched for longer and gave hackers greater control over affected devices.

A word of advice? Patch up. “Exploitation wise, Talos estimates there is about a two-week effort to get from the information we disclosed publicly to a fully working exploit with a decent amount of reliability,” Tyler Bohan, the security researcher at Cisco Talos who uncovered and reported the bug, told Forbes Tuesday.

Another reason to patch up pronto: Another bug affecting Apple software—this one discovered by a Salesforce security engineer—lets snoops eavesdrop on FaceTime calls. The newly issued iOS 9.3.3 fixes that problem, too.

As with any security fixes, people “should apply the patch immediately,” Williams said.

Text by Fortune
 

Tags Cloud

20102011Absa BankaccaaccidentaccidentsADSUadvertisingafghanistanAfrAsiaafricaagalegaagreementagricultureagroAHRIMAIairair asiaair australAir Franceair madagascarair mauritiusairasiaAirlinesairportairway coffeeAlbionalgeriaalibabaalteoAlvaro SobrinhoamazonAmeenah Gurib-FakimAMLandroidangolaAnil BachooApollo Bramwellappappleappointmentsappsaquaculturearab townarrestArtArvin BoolellasiaATMATOauditaudit reportaustraliaaustriaaviationawardawardsAxcel ChenneyBABagatelleBagatelle DamBAIBalaclavaBangladeshbankBank OnebankingbanksBar CouncilbarclaysBDObeachbeachesBeau Bassin-Rose HillbeautybeerBelgiumBelle-MareBelle-RiveBet365betamaxbettingBharat Telecombig databitcoinblue economyBlue-BayBOIboko haramBollywoodBOMbombingbookbookmakerbooksbossBotswanabpmlBPOBramer BankbrazilbrexitBritish AirwaysbudgetbuildingbusesBusinessbusiness trendsCabinetcall centresCanadacanecareercareer tipscargocarnivalcasinoCaudanCCIDCCMCCTVCEBcelebretiescelebritiescementChagoscharityCharlie HebdoCHCchilechinachromeCIELcigarettesCim FinancecinemaclashesCMTcomoroscompetitionconcertconferenceConfinementCongoconstitutional amendmentconstructioncontestcontestscontractcooperationCoronaviruscorruptioncounterfeitcoupCourtCourtscouvre-feuCOVID-19CPBCPEcreativitycreditscrisiscruise shipcruise shipsCSOCT PowerCultureCurepipecustomercustomerscustomsCVCWAcyclingcyclonedamDawood RawatdayDBMdeficitdenguedeportationdevelopmentDiego GarciadivalidoctorsdodoDomaine les PaillesDonald TrumpDPPdrug traffickingdrugsDTAADubaiDuty Freee-commercee-servicesearthquakeebeneebolaecoécolesecologyeconomicEconomic Development BoardeconomicseconomyEducationeducation abroadeducation reformEEZEgyptEIILMelectionelectionselectoral reformelectricityelon muskembassyEmiratesemirates airlinesEmtelenergyENLentrepreneurshipEnvironmentEOCEUEuroEuropeeventeventsexamexaminationexamsexpoexportfacebookfairFalcqfarmersfarmingfashionfast foodfbiFDIfeefeesferryfestivalFievre AphteuseFIFAFIFA World CupFilm Rebate SchemefilmingfilmsfinancefinancesfinancingFirefishfishingFIUFlacqFlic-en-FlacfloodFloodsflourfonction publiquefoodFootballforecastforeign workersForumFrancefraudfruitfruitsFSCFTAfuelfunnyGAARgabongadgetsgalaxygalaxy notegamblinggame of thronesgamesgasgazaGDPGermanyghanaGlobal BusinessgolfGoodlandsgoogleGorah Issac casegovernmentGRAGrand Baygrand-baieGrand-BassinGrand-Gaubegreecegreengreen energygrippeGTUH1N1hackershajjhamashappinessHawaiihawkershealthhealthcareHeritage Cityhi-techhigher educationhighlandshistoryHolcimholidaysHong Konghorse raceshorse racingHospitalhotelhotel businesshotelshowhow toHRHRDCHSBCHSCHSC ProhtchungaryhuntingHusein Abdool RahimIBAIBLICACICTICTAID cardiframacillegal fishingillegal migrationillegal workersIMFimportindiaIndian OceanIndian Ocean Island GamesIndonesiainflationinfluenzaInfographicsinfrastructureinnovationinnovationsinsuranceinterest rateinternetinterpolInterviewinterview tipsinvestinginvestmentinvestmentsIOCIORECiosiPadiphoneIPOiraniraqirelandIRSISISislamicisraelITItalyjapanJean-Claude Bastos de MoraisJellyfishJewelleryJin FeiJIOIjobjobsjockeyjournalismJulian AssangeKailash TrilochunKenyakitesurfingKPMGkreolla buttelabourLafargelandlandslideLarsen & ToubrolawlawslayoffsLe MorneleadershipleakLepeplexpressliberiaLibyalifeloanloanslocal governmentLockdownlogisticslondonlotteryLottotechLRTLufthansalycheeMadagascarmade in morisMahebourgmalariamalaysiamalaysia airlinesMaldivesMalimallmanagementmanagement tipsmanufacturingmarketmarketingmarketsMauBankMauritiansmauritiusMBCMCBMCCIMDFPMeatmeccamediaMedical CouncilMedical tourismmedicamentsmedicineMedineMedPointmeetingMEFMegh PillayMESMeteoMetro ExpressMEXAmexicoMFAMGIMHCmichaela harte caseMicrosoftMIDMidlandsMIEmigrationmigration crisisminimum salaryminimum wagemiss mauritiusmistakesMITDmlMMMmobilemobile phonesMokamoneymoney launderingmonkeyMont-ChoisyMoody’sMoroccomotivationmoviesMozambiqueMPAMPCMPCBMPLMQAMRAMSBMSCMSMMTMTCMTPAMusicMV BenitaNad SivaramenNaïadeNamibiaNandanee SoornackNarendra ModinasanatureNavin RamgoolamNavind KistnahNCBNCGNDUNECnefNegative Income TaxNelson MandelaNeotownNepalnetherlandsnetworkingNew Mauritius Hotelsnew zealandNGONHDCNICNICHLNigerianight clubsNitin Chinien caseNobel Prizenokianorth koreaNRBNTANTCNWCCNWECOCDEoceanocean economyofofficialsoffshoreoilOlympic GamesOmega ArkOmnicaneoniononlineopinionOppositionorangeoscaroscar pistoriusOUMoutsourcingPakistanpalestinePamplemoussesPanama Paperspandit sungkurParadise PapersparliamentPaul BérengerpensionpensionspeoplePereyberepermis de travailPhilippinesPhoenix Beveragesphonespicture of the daypillspiracyplageplagueplanPlanet Earth InstitutePMPMEPMOpmsdPNQpokerpolicepoliticspollutionPonzi SchemeportPort LouisPort-LouispostPovertyPPPPRPravind JugnauthPRBpresentationpresentation tipspresidentpricepricesprisonproblemprofitprojectprojectsprostitutionprotestspsacPSCpsychologyPTRpublic functionpublic servicepwcQatarQuantum Globalquatre-bornesquotesrainsRajindraparsad SeechurnRakesh GooljauryransomwareratesratingratingsRavi YerrigadooRDAreal estaterecallsreformreformsrefugeesreligionrentrepo ratereportRESRésidence Barklyrestaurantrestaurantsresultresultsresumeresume tipsretailReunionrevenuericeRiche-TerreriseRiviere-du-RempartRiviere-Noireroadsroche-boisRoches-Noires caseRodriguesRogersrose-belleRose-HillrosewoodRoshi BhadainRum and SugarRundheersing BheenickrupeeRussiaRwandasafetySAJsalariessalarysalesalessales tipssamsungsanctionssaudi arabiaSBIsbmSCscamscandalSCBGscholarshipscholarshipsSchoolschoolsscienceseasecuritySEMSEMDEXSenegalSeychellesShakeel MohamedShanghaisharksshootingshoppingshopping fiestashopping mallshopping mallsshowShowkutally SoodhunSICsicomSierra LeonesingaporeSITskillssmall businessSmall Planters Associationsmart citysmartphonesSMeSME MauritiusSMEDASMFsmmsnapchatSobrinho casesocialsocial mediasocial networks & messengersSofitelsoftwaresolar energySomaliasonysouthsouth africaSouth China Seasouth koreasouth sudanspainsponsorshipsportSportsSquatterssri lankaSSRStar KnitwearstartupsstatisticsstatsSTCstockstock marketstocksstrategystreet vendorsStressstrikestudystudy abroadstylesubventionsuccesssuccess storysugarsugar canesummitSun ResortsSun Tan caseSunkai caseSunnystarssupermarketssurveySwanSwedenSwitzerlandsyriaTAtabletsTaiwanTanzaniataxtax fraudtax heaventaxesTbillsteateacherTeachersteamTECtechnologytelecomtendertendersterrorismtertiarytextilethailandthethefttimetime managementtipstototaltourismtoystradetrade feetradingtrainingtrainingstransporttraveltrendsTrioletTripAdvisorTrou-aux-BichestsunamitunaTunisiaTurfTurkeyturkish airlinesTVtwittertyphoonUdMUgandaukukraineununemploymentUNESCOunionsuniverseuniversityuomUSUTMvacanciesvacancyVacoasVacoas Popular Multipurpose Cooperative SocietyVacoas-PhoenixVanilla Islandsvarma caseVATVeekram BhunjunvegetablesVerizonvideoVideo of the Dayvirtual realityvisaVishnu Lutchmeenaraidoovisitvivo energyvolcanowasteWaterWaterparkWeatherwest africawhatsappWhitedot Casewi-fiwikileakswindowsWMAwomenworkwork abroadworkersWorkshopWorldWorld Bankwriting tipsWTOXavier-Luc DuvalyahooYasin DenmamodeyemenYEPYerrigadoogateyoutubeZambiazimbabwe
Mauritius
© 2010-2020 mega.mu