The senior security researcher at Cisco Talos, Tyler Bohan has found a critical vulnerability in all Apple devices, that can be exploited by a malicious image. Hence, the security specialists compared the latest iOS security flaw with the Stage Fright.
Now A Message Can Remotely Hack Your iPhone
Apple has a critical security flaw plugged into the latest version of iOS. Hackers can easily gain access remotely to the iPhone with just a MMS (a text with a picture) and identify the device passwords.
The leak is in ImageIO that processes image data and is used in all Apple products. Security specialist and the senior security researcher at Cisco Talos, Tyler Bohan found the critical vulnerability and compared the problem with the Stage Fright bugs in Android, in which a device can be hacked with a simple message.
The vulnerability can be exploited in Apple devices using a Tagged Image File Format (TIFF) file. Once you have received the image the hack can be started via MMS or Safari. A TIFF file to indicate an invalid width, a heap overflow can occur, and can be performed remotely malicious code. In this way, hackers can steal passwords, among others.
Hence with this flaw, hackers could also easily access the Wi-Fi passwords and the information that you used in your phone browser, including the websites and e-mails. However, to fully take over the phone, first the attacker “jailbreak’s” the device, a way that will remove all the standard restrictions of iOS which is a lot more difficult.
Moreover, the attack could also be delivered through the mobile web browser Safari and to perform this move the attacker needs to trick the victim into visiting a fake website that contains the malicious payload.
As we all know that the same kind of hack we saw before on Android last year known as Stage Fright, which allowed hackers to silently spy on almost billion phones with just one specially-crafted text message. But according to the Tyler Bohan the leak in Apple’s system even more extreme.
Meanwhile, the tech giant Apple has rolled out an update that can stop the security flaw. So, it is advisable to perform the update as soon as possible.
