Last year’s Stagefright vulnerability, which could let someone control your Android phone with just a text, was a terrifying security hole that affected 95 per cent of all Android devices. It seems Apple caught a similar bug.
According to security research outfit Cisco Talos, Apple devices including the iPhone, Mac, Apple TV, and Apple Watch, can be corrupted simply by receiving a malicious image text, whether through iMessage, MMS, Mail, or webpages on Safari. Once a text is sent to a user’s phone, it creates a buffer overflow, which then allows for “remote code execution on vulnerable systems and devices.”
For the more technically minded, the problem stems from Apple’s Image I/O API, which runs on all of its various OSes and apps, and how it “parses and handles” TIFF images, according to Cisco Talos.
However, there is one crucial difference between Android’s Stagefright and Apple’s newly discovered weakness. Because Android is spread out among several manufacturers with a relatively lax install base (which Tim Cook loves to point out), security updates can be painfully slow going. But with Apple devices, the fix is already in place. Just make sure you are running the absolute latest software on all your devices. That includes:
- iOS 9.3.3
- El Capitan 10.11.6
- tvOS 9.2.2
- watchOS 2.2.2
It’s worth noting that Cisco Talos executed these hacks as a proof of concept on OS X and that not all vulnerabilities necessarily become exploits, according to security firm Sophos. But it’s best to practice vigilant software updating regardless. [Cisco Talos via The Guardian]