A Single Text Can Give Hackers Access To Your iPhone

Last year’s Stagefright vulnerability, which could let someone control your Android phone with just a text, was a terrifying security hole that affected 95 per cent of all Android devices. It seems that Apple caught a similar bug.

Image: Alex Cranz

According to security research outfit Cisco Talos, Apple devices including the iPhone, Mac, Apple TV and Apple Watch can be corrupted simply by receiving a malicious image, whether through iMessage, MMS, Mail or webpages on Safari. Once such an image is sent to a user’s phone, it creates a buffer overflow, which then allows for “remote code execution on vulnerable systems and devices”.

For the more technically minded, the problem stems from Apple’s Image I/O API, which runs on all of its various OSes and apps, and how it “parses and handles” TIFF images, according to Cisco Talos.

However, there is one crucial difference between Android’s Stagefright and Apple’s newly discovered weakness. Because Android is spread out among several manufacturers with a relatively lax install base (which Tim Cook loves to point out), security updates can be painfully slow going. But with Apple devices, the fix is already in place. Just make sure you are running the absolute latest software on all your devices. That includes:

  • iOS 9.3.3
  • El Capitan 10.11.6
  • tvOS 9.2.2
  • watchOS 2.2.2
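For anyone checking more than one device, the list above can be turned into a small audit. This is an added example, not code from Cisco Talos or Apple; the device names and the inventory format are constructed for illustration. It compares versions numerically, because a plain string comparison would wrongly rank 10.9.5 above 10.11.6.

```python
# Minimum fixed releases, taken from the list above.
PATCHED = {
    "iOS": (9, 3, 3),
    "OS X": (10, 11, 6),
    "tvOS": (9, 2, 2),
    "watchOS": (2, 2, 2),
}

def parse_version(text):
    """Turn '9.3' into (9, 3, 0); raise ValueError on non-numeric input."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3 or any(p < 0 for p in parts):
        raise ValueError(text)
    return tuple(parts + [0] * (3 - len(parts)))

def audit(inventory):
    """Return (device, platform, version, status) for every inventory row."""
    rows = []
    for device, platform, version in inventory:
        floor = PATCHED.get(platform)
        if floor is None:
            status = "unknown-platform"      # not covered by this fix list
        else:
            try:
                ok = parse_version(version) >= floor
                status = "patched" if ok else "needs-update"
            except ValueError:
                status = "unparseable-version"  # flag for manual review
        rows.append((device, platform, version, status))
    return rows

# Constructed sample inventory (hypothetical device names).
SAMPLE_INVENTORY = [
    ("lab-imac", "OS X", "10.9.5"),
    ("qa-iphone", "iOS", "9.3.3"),
    ("exec-iphone", "iOS", "9.3"),
    ("lobby-tv", "tvOS", "9.2.2"),
    ("dev-watch", "watchOS", "2.2.1"),
    ("kiosk-tablet", "Android", "6.0"),
    ("old-ipad", "iOS", "9.3.3b"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print("{:<13} {:<8} {:<8} {}".format(*row))
```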

It’s worth noting that Cisco Talos executed these hacks as a proof of concept on OS X and that not all vulnerabilities necessarily become exploits, according to security firm Sophos. But it’s best to practise vigilant software updating regardless.

[Cisco Talos via The Guardian]

