Hackers can steal your iOS and Mac passwords with a single image file
A new vulnerability discovered by a Cisco researcher could allow hackers to gain access to the internal storage and stored passwords on your iOS or Mac device – and all they’d have to do is send you a malicious image file.
Tyler Bohan of Cisco Talos found that a TIFF format file – sent via MMS, email or placed on a webpage that a victim is guided to visit – can hide malware which can run automatically, without being detected.
In addition to leaking your authentication credentials on iOS, Mac OS X, tvOS and watchOS, the vulnerability can also allow attackers to remotely control Macs that don’t support sandboxing.
Thankfully, these issues have been patched by Apple; you’ll need to update to the latest versions of their operating systems – iOS 9.3.3, El Capitan 10.11.6, tvOS 9.2.2 and watchOS 2.2.2 – to stay safe.
If this sounds familiar, it’s because the security flaw is eerily similar to the Stagefright vulnerability discovered in Android devices last year. After it was spotted last August, a second version was uncovered in which hardware could be compromised by sending an audio file.
Vulnerability Spotlight: Apple Remote Code Execution With Image Files on Talos Blog