Anthony Devlin/PA Wire

iPhone and Mac users: there's a serious security bug you need to fix now

Updating your devices will patch a major flaw which would allow an attacker to steal passwords by sending you a message.

AS WITH ALL software updates, fixes for bugs and security flaws are par for the course. No matter what type of software you’re using, problems will be discovered and the best way to keep yourself safe is to keep your software updated as often as you can.

If you’re an iPhone or Mac user, then it’s especially important that you update to the latest version of iOS (9.3.3) and OS X (El Capitan 10.11.6) as a serious security flaw has been revealed.

The flaw was found by Tyler Bohan of Cisco Talos, a security intelligence agency, and since the flaw was found on iOS 9.3.2 and OS X 10.11.5, it’s believed that it’s present in older versions too.

He told Fortune that it was a “very high severity issue… an attacker could send a thousand iMessages to victims and the second they turn their phones on, they’re infected”.

The bug in question deals with iMessage, Apple’s messaging service. An attacker could create a TIFF (Tagged Image File Format, similar to a JPEG or other image file) with malware and then send it to a person using iMessage.

Because iMessage automatically renders images under its default settings, the malware would start infecting the device as soon as the message was received. It would give the attacker access to a device’s memory without the user knowing or being able to prevent it.

The attack could also be carried out over Safari, just by visiting a site with the code needed for the attack. The user wouldn’t have to interact with the site before it would kick off.

The flaw has been compared to one that affected Android devices last year called Stagefright, which used a similar method. By hiding malware within a video file, an attacker could send it through Google Hangouts and it would infect phones automatically.

Another bug which would allow a person to eavesdrop on FaceTime calls was also discovered. It has also been fixed by the iOS 9.3.3 update.

To fix it on iPhone, go into Settings > General > Software Update and update iOS there. If you’re on Mac, click on the Apple icon in the top left-hand corner and go to Software Update.

Author
Quinton O'Reilly