iPhone and Mac users: there's a serious security bug you need to fix now

Updating your devices will patch a major flaw which would allow an attacker to steal passwords by sending you a message.

Image: Anthony Devlin/PA Wire

AS WITH ALL software updates, fixes for bugs and security flaws are par for the course. No matter what type of software you’re using, problems will be discovered and the best way to keep yourself safe is to keep your software updated as often as you can.

If you’re an iPhone or Mac user, then it’s especially important that you update to the latest version of iOS (9.3.3) and OS X (El Capitan 10.11.6) as a serious security flaw has been revealed.

The flaw was found by Tyler Bohan of Cisco Talos, a security intelligence agency, and since the flaw was found on iOS 9.3.2 and OS X 10.11.5, it’s believed that it’s present in older versions too.

He told Fortune that it was a “very high severity issue… an attacker could send a thousand iMessages to victims and the second they turn their phones on, they’re infected”.

The bug in question deals with iMessage, Apple’s messaging service. An attacker could create a TIFF (Tagged Image File Format, similar to a JPEG or other image file) with malware and then send it to a person using iMessage.

Because iMessage automatically renders images under its default settings, the malware would start infecting the device as soon as it was received. It would give the attacker access to a device’s memory without the user knowing or being able to prevent it.

The attack could also be carried out over Safari, just by visiting a site with the code needed for the attack. The user wouldn’t have to interact with the site before it would kick off.

The flaw has been compared to one that affected Android devices last year called Stagefright, which used a similar method. By hiding malware within a video file, an attacker could send it through Google Hangouts and it would infect phones automatically.

Another bug which would allow a person to eavesdrop on FaceTime calls was also discovered. It has also been fixed by the iOS 9.3.3 update.

To fix it on iPhone, go into Settings > General > Software Update and update iOS there. If you’re on Mac, click on the Apple icon in the top left-hand corner and go to Software Update.

About the author:

Quinton O'Reilly
