An alarming vulnerability in iOS has been reported by Tyler Bohan, Cisco Talos senior security researcher. The bug enables access to passwords stored on a user’s iPhone once the hacker has the mobile number to which it’s tied. Apparently, it’s just as deadly as Android Stagefright in terms of exposure.
Fear not, for Apple has fixed this hole in iOS 9.3.3. But those who are running an earlier build of the operating system need to update immediately. To check which version of iOS is on your iPhone, go to Settings > General > About. If you don’t have the latest, go back to the General section and hit Software Update.
Preferably, do this over Wi-Fi in case your cellular data is slow or expensive or both. The flaw is found in ImageIO (handles image data). It would enable a hacker to send a malicious program in Tagged Image File Format (TIFF) over MMS. There’s nothing users can do to avoid it, short of disabling iMessages until they move to the latest iOS update.
As Bohan explains, ‘MMS is a store and deliver mechanism.’ As soon as the would-be victim’s iPhone is online, they will end up receiving it. Worryingly enough, the bug can reach your Apple smartphone via the Safari browser too through a website containing the infected program. Hackers may not be able to take over control of an iOS device through this exploit though.
Also see: iOS 10 to warn iPhone users when Lightning port gets wet
But Apple’s Mac OS X, tvOS and watchOS which do not enjoy sandbox protection (unlike iOS) are left open to the full force of the attack, reports Forbes. Advisories for iOS, Safari, OS X El Capitan, iTunes on Windows, tvOS and watchOS can be checked out by following the respective links.