Apple Security Bug Lets Hackers Nab Your Mac and iPhone Passwords With 1 Text

July 23, 2016
Apple software contains flaws that could allow hackers to steal people’s passwords by doing nothing more than sending a single nefarious message. Apple patched the vulnerabilities in its latest batch of software updates this week—still, it is incumbent upon people actually to download the updates. (Do it, yes!)

“This is a very high severity issue,” Craig Williams, senior technical lead and head of global outreach at Cisco Talos, the networking giant’s threat intelligence division, told Fortune on a call. “The fact that you have an exploit without any user interaction makes me very concerned.”

The issues affect ImageIO, a programming interface that reads and writes image data. Here’s how an exploit could work: If an attacker were to send someone a booby-trapped multimedia message (MMS), for example, containing malicious code in a “tagged image file format” (abbreviated as TIFF, a format like JPEG or PNG), then the code would start executing as soon as it was received.

Ultimately, an attack could give a hacker access to portions of a computer’s memory, which could contain sensitive information, such as passwords and login credentials, Williams said. The issues affect recent versions of iPhone’s iOS, Mac’s OS X El Capitan, Apple TV’s tvOS, and Apple Watch’s watchOS software. (See the linked pages for more information, as well as this technical post on the Cisco Talos blog.)

“An attacker could send a thousand iMessages to victims and the second they turn their phones on they’re infected,” Williams added. In this way, the flaws recall the Stagefright vulnerabilities that affected Google’s Android software last year—although the Android issues were more severe since they remained effectively unpatched for longer and gave hackers greater control over affected devices.

A word of advice? Patch up. “Exploitation wise, Talos estimates there is about a two-week effort to get from the information we disclosed publicly to a fully working exploit with a decent amount of reliability,” Tyler Bohan, the security researcher at Cisco Talos who uncovered and reported the bug, told Forbes Tuesday.

Another reason to patch up pronto: Another bug affecting Apple software—this one discovered by a Salesforce security engineer—lets snoops eavesdrop on FaceTime calls. The newly issued iOS 9.3.3 fixes that problem, too.

As with any security fixes, people “should apply the patch immediately,” Williams said.

Text by Fortune
