A new vulnerability discovered by a Cisco researcher could allow hackers to gain access to the internal storage and stored passwords on your iOS or Mac device – and all they’d have to do is send you a malicious image file.
Tyler Bohan of Cisco Talos found that a TIFF format file – sent via MMS, email or placed on a webpage that a victim is guided to visit – can hide malware which can run automatically, without being detected.
All Killer, No Filler
We’re bringing Momentum to New York: our newest event, showcasing only the best speakers and startups.
In addition to beaming across your authentication credentials on iOS, Mac OS X, tvOS and watchOS, the vulnerability can also allow attackers to remotely control Macs which don’t support sandboxing.
Thankfully, these issues have been patched by Apple; you’ll need to update to the latest versions of their operating systems – iOS 9.3.3, El Capitan 10.11.6, tvOS 9.2.2 and watchOS 2.2.2 – to stay safe.
If this sounds familiar, it’s because the security flaw is eerily similar to the Stagefright vulnerability discovered in Android devices last year. After it was spotted last August, a second version was uncovered in which hardware could be compromised by sending across an audio file.
Vulnerability Spotlight: Apple Remote Code Execution With Image Fileson Talos Blog
Read next: Use this map to find Pokémon in real-time before you head out to play Pokémon Go