
iPhone and Mac users: there's a serious security bug you need to fix now

Updating your devices will patch a major flaw which would allow an attacker to steal passwords by sending you a message.

Image: Anthony Devlin/PA Wire

AS WITH ALL software updates, fixes for bugs and security flaws are par for the course. No matter what type of software you’re using, problems will be discovered and the best way to keep yourself safe is to keep your software updated as often as you can.

If you’re an iPhone or Mac user, then it’s especially important that you update to the latest version of iOS (9.3.3) and OS X (El Capitan 10.11.6) as a serious security flaw has been revealed.

The flaw was found by Tyler Bohan of Cisco Talos, a security intelligence agency, and since the flaw was found on iOS 9.3.2 and OS X 10.11.5, it’s believed that it’s present in older versions too.

He told Fortune that it was a “very high severity issue… an attacker could send a thousand iMessages to victims and the second they turn their phones on, they’re infected”.

The bug in question deals with iMessage, Apple’s messaging service. An attacker could create a TIFF (Tagged Image File Format, similar to a JPEG or other image file) containing malware and then send it to a person using iMessage.

Because iMessage automatically renders images under its default settings, the malware would start infecting the device as soon as the message was received. It would give the attacker access to a device’s memory without the user knowing or being able to prevent it.

The attack could also be carried out over Safari, just by visiting a site with the code needed for the attack. The user wouldn’t have to interact with the site before the attack kicked off.

The flaw has been compared to one that affected Android devices last year called Stagefright, which used a similar method. By hiding malware within a video file, an attacker could send it through Google Hangouts and it would infect phones automatically.

Another bug which would allow a person to eavesdrop on FaceTime calls was also discovered. It has also been fixed by the iOS 9.3.3 update.

To fix it on iPhone, go into Settings > General > Software Update and update iOS there. If you’re on Mac, click on the Apple icon in the top left-hand corner and go to Software Update.


About the author:

Quinton O'Reilly
