‘Stagefright’ Threat For iOS and OS X Revealed?
“Stagefright” is best known as that vulnerability that cropped up but for Android-based devices. It is considered one of the worst malwares ever, something that could easily expose devices with a simple MMS message.
For Apple users, the issue was hardly something they had to worry about. It only targeted Android users though that may no longer hold true now.
Cisco researchers have stumbled upon something similar to “Stagefright” for Apple-based users and the discovery may allow attackers to gain control of an iOS or OS X backed device.
If the Android-related “Stagefright” was something that was carried out using MMS, this alleged threat for Apple owners comes in the form of images.
Five vulnerabilities to worry about
Cisco Talos names five potential vulnerabilities that could pave the way for the exploit. The set of bugs are CVE-2016-4631, CVE-2016-4629, CVE-2016-4630, CVE-2016-1850, and CVE-2016-4637, all tied up to how Apple handles image formats, ZDNet reported.
TIF image files are singled out as the ones which may place iOS or OS X users at risk. These are the image files normally used in publishing, OpenEXR, Digital Asset Exchange file format XML files, and BMP images.
Like the previous Android-related malware, this Apple version can go undetected. Hence, a hacker could easily send a malicious payload that would allow them to unleash several forms of attacks. That includes iMessage, malicious web pages, MMS messages or even email attachments.
Make sure iOS and OS X are updated
Cisco ended its discovery there to allow Apple to patch up the exploit. But the best way to avoid falling prey to this “Stagefright”-like of a problem is to make sure that devices are running on the latest OS versions.
Apple has made the iOS 9.3.3, El Capitan 10.11.6, tvOS 9.2.2 and watchOS 2.2.2 available though patches for Mavericks or Yosemite have yet to come out.
MacWorld points out that the claims by Cisco is simply a proof of concept and that everything was simply a showcase of the vulnerability of the OS X. Regardless, it technically advises most to keep their devices up to date.