In today's generation, iPhone is considered to be one of the most secured smartphones in the market today. But recently, there has been some reports that a bug, same as Android's "Stagefright" can enable a hacker to hack your iPhone and totally takeover your smartphone.
The critical bug has already assigned a CVE-2016-4631 and resides in ImageIO – API used to handle image data – and works across all widely-used Apple operating systems, including Mac OS X, tvOS, and watchOS. According to Bohan, the that the potential hacker needs to do is create an exploit for the bug and send it via a multimedia message (MMS) or iMessage inside a TIFF (Tagged Image File Format) format file. Once the hacker sends the message to an iPhone owner, the exploit is executed. The user would have no chance of detecting the attack, which would begin to write code beyond the normal permitted boundaries of an iPhone’s texting tool.
This highly critical bug which was discovered by Cisco Talos Senior Researcher, Tyler Bohan, also described it as an "extremely critical bug that is comparable to "stagefright" of Android, as far as the exposure can go on the iPhone."
The attack can be delivered as well thru the Safari Web Browser, For the web browser, the attacker needs to lure the victim to visit a malicious website in order to complete the process.
Details about this bug and all other 43 flaws addressed in 9.3.3 can be found in Apple’s advisory. Apple has taken congnizance of the severity of the bug and put out separate advisories for iTunes on Windows,Safari, tvOS, watchOS and OS X El Capitan.
No comments:
Post a Comment