Apple Inc. gadgets are hugely at risk of being hacked right now. That is, those that haven’t upgraded to the latest available OS 9.3.3. The news is backed by Cybersecurity and research firm Cisco’s Talos, which explains that, right now, iPhone and Mac users are very easily be exposed to hackers. This is unless they download their device’s latest software patch.
The U.S. tech firm only made versions 9.3.3 of its iOS and OS X available on Thursday, the 21 July.
Cisco’s Talos has warned iPhone and Mac users of a massive vulnerability that sits in their gadget platforms. Left unattended, hackers and other third-party tools could open Apple fans up to some very easy methods of device exploitation.
Cisco’s Talos reports Apple bug
The news came about when the research company released the latest patches it made to versions 9.3.2 and below. Talos helped Apple Inc. fix many of the bugs identified in prior versions. According to them, at least 5 major code execution risks at play in the company’s older OSs.
These vulnerabilities can be exploited via ImageIO on older software. ImageIO is a platform with the OSs that reads and writes image data.
Cisco’s Talos says that all these bugs are a massive risk because “Apple Core Graphics API, Scene Kit and Image I/O are used widely by [Apple] software.” The firm goes on to explain how image files stand among the most perfect attack vectors due to how simple they can be transferred online without drawing attention to the person being attacked.
What makes these Apple device security flaws so concerning is that they are not just simple to exploit. They also reside in just about every iPhone or Mac that hasn’t upgraded to the latest software.
CVE-2016-4631, that is the title of the most dangerous of the bugs. It is mainly attached to TIFF files, which are the most common extensions used in the professional image industry. Publishers, Photoshoppers and digital graphic artists are drawn to the file extension due to its widely accommodating nature.
Hackers can breach i-devices
“When rendered by applications that use the Image I/O API, a specifically crafted TIFF image file can be used to create a heap-based buffer overflow,” Talos personnel explained. Ultimately, this can be used to “achieve remote code execution on vulnerable systems and devices.”
CVE-2016-4631 can be manipulated through a number of ways that really don’t need the device owner’s attention. This is mostly due to the fact that many apps, especially those native to Apple, simply render the pictures as soon as they land on the device, said the Talos team.
Nearly 15 percent of all iOS devices run versions 8 and below. This means that around 100 million iPhones, iPads and iPods are extremely vulnerable to the bug. The scale of this vulnerability is clearly massive but is also very avoidable. Apple Inc. users can, and are urged, to protect themselves by upgrading to the latest available OS.