A researcher from Cisco has recently discovered a glitch common to some iOS devices that enables hackers to get into user’s phones, tablets, and laptop computers by simply sending an iMessage.
According to reports, hackers are able to breach iOS’s security through the use of a Tagged Image File Format (TIFF) file, or .TIF file, which is essentially an image file – similar to that of .jpg and .gif files – which hackers attach to an iMessage in an attempt to camouflage the attack as a normal message delivery.
It appears that the way some applications handle TIFF files renders a vulnerability that ultimately allows hackers to achieve remote code execution by exploiting the said flaw in the device’s system.
According to a blog post by Cisco’s Talos:
Tagged Image File Format (TIFF) is a file format that is popular with graphic artists, photographers and the publishing industry because of its ability to store images in a lossless format. TIFF was created to try to establish a common scanned image file format in the mid 1980s. Cisco Talos has discovered a vulnerability in the way in which the Image I/O API parses and handles tiled TIFF image files. When rendered by applications that use the Image I/O API, a specially crafted TIFF image file can be used to create a heap based buffer overflow and ultimately achieve remote code execution on vulnerable systems and devices.
The said flaw in the iOS system allows hackers access to the device’s internal storage — including the user’s stored passwords — which they can achieve by simply sending an iMessage containing the malicious .TIF file to their prospective victims.
Users with iPhones running on iOS earlier than the iOS 9.3.3 as well as MacBooks running on versions earlier than El Capitan 10.11.6 are said to be most vulnerable to these attacks, and are advised to get the latest updates to secure their devices.
Reports say that iOS devices running on iOS 9.3.3 or later, as well as MacBooks running on El Capitan 10.11.6 or later, are safe from these potentially dangerous attacks from hackers.
Apple is well-known for its nearly impeccable security system, but the latest reports on the potential security threats on its system once again puts the integrity of the tech giant’s security system on the spotlight.
Attacks carried out by hackers in the past have resulted in multiple scandals, which consequently rendered the security of Apple’s iCloud system questionable.
This is not the first glitch in the iOS system that enables hackers to take advantage of the device’s iMessage system. In the past, a glitch that caused iPhones to automatically restart whenever an iMessage containing certain Arabic characters is received and read on users’ phones.
Apple, however, is yet to comment on the matter.