Stagefright-Like Exploit Discovered in iOS, OS X, tvOS, and watchOS – Latest Updates Fix the Flaw

Stagefright-Like Exploit Discovered in iOS, OS X, tvOS, and watchOS – Latest Updates Fix the Flaw

Here’s another entry to add to your list entitled “Reasons Why I should be Running the Latest Versions of Apple’s Operating Systems on my Devices.” A Stagefright-like security hole has been found in iOS, OS X, tvOS, and watchOS. However, the latest versions of all operating systems fix the flaw.

Stagefright-Like Exploit Discovered in iOS, OS X, tvOS, and watchOS - Latest Updates Fix the Flaw

The bug, which is similar to last year’s Stagefright bug which afflicted Android devices, and could allow an attacker access to a device’s stored passwords and files simply by sending a user a malicious image file.


Cisco Talos senior security researcher Tyler Bohan found the critical bug in ImageIO, which is used to handle image data. An attacker could create an exploit – a little program that takes advantage of vulnerabilities – and send it via a multimedia message (MMS) inside a Tagged Image File Format (TIFF). Once received, the hack would launch. The user would have no chance of detecting the attack, which would begin to write code beyond the normal permitted boundaries of an iPhone’s texting tool.

Safari users are also vulnerable to the attack, as all a user would need to do is visit a website containing the malicious code, and the browser itself would parse the exploit, no interaction with the site on the user’s part would be required.

Apple has patched the flaw in its latest versions of the affected operating systems, which were all updated on Monday to the following versions: OS 9.3.3, OS X 10.11.6, tvOS 9.2.2 and watchOS 2.2.2, all of which patch the bug. Apple hasn’t yet released patches for either Mavericks or Yosemite.

As pointed out by MacWorld, this is all simply proof of concept at this stage. No exploits of the flaw have been found in the wild. Additionally, while infection by a malicious webpage was demonstrated by Cisco, MMS and iMessage have so far only been shown to be a potential risk. Cisco hasn’t yet proven that the exploit works in the real world. (Via 9to5Mac)

Details on all 43 flaws addressed in 9.3.3 can be found in Apple’s advisory. The company also released advisories for iTunes on Windows, SafaritvOSwatchOS, and OS X El Capitan.

  1. 204618 208030Id always want to be update on new weblog posts on this web web site , bookmarked ! . 519411

  2. 502056 827494Can anyone assist me out? It will be a lot appreciated. 113221

  3. nova88 says:

    90468 583812I really delighted to discover this internet site on bing, just what I was searching for : D too saved to fav. 678170

  4. 망가캣 says:

    685095 531942As soon as I located this internet site I went on reddit to share some of the enjoy with them. 753443

  5. 487734 393059Thank you for every other informative site. Exactly where else could I get that type of info written in such a perfect means? Ive a mission that Im just now operating on, and Ive been at the look out for such information. 518316

Leave a Reply

Your email address will not be published.