New vulnerabilities exposed by Apple operating system are not spared except the latest version.

Source: Internet
Author: User

New vulnerabilities exposed by Apple operating system are not spared except the latest version.

Security researchers recently discovered a huge security vulnerability in Apple's operating system. Hackers only need to know your mobile phone number to exploit this security vulnerability to steal users' passwords.

This security vulnerability was discovered by Taylor Bohan, a senior researcher at Cisco's Talos security research team. Forbes first reported this discovery. Hackers intrude into Apple's operating system center and use the system to process image imports and image outputs for attacks.

Hackers exploit this vulnerability to launch attacks as follows: the hacker first creates a malicious software in the TIFF file format. TIFF is another image format similar to JPG and GIF. Then, the hacker uses iMessage to send the file to the target object. This attack is especially effective because iMessage transmits images in the default format.

Once a file is received by a target object, malware can be executed on the target device to attack the device's memory and steal the password stored in it. Victims do not even have the opportunity to block such attacks. The same attack can be carried out via email or spoofed to use Apple's Safari browser to access a website containing malware.

Worse. This security vulnerability exists in all versions of iOS and OS X systems, except for the latest version released by Apple in July 18. After discovering this vulnerability, Boen informed Apple's top management, so Apple fixed the vulnerability in the latest system. That is to say, the secure version of iOS is iOS 9.3.3, and the secure version of OS X is El Capitan 10.11.6.

Security research firm Sophos pointed out that there is another solution to this vulnerability: Disable the iMessage program in the iPhone and disable MMS text messages. This means that you can only accept text information, not image information.

The impact of this vulnerability is astonishing. Apple revealed that 14% of iOS devices run iOS 8 or earlier versions. It is estimated that there are more than 0.69 billion active iOS devices worldwide, which means at least 97 million iOS devices are vulnerable to hacker attacks. This does not include devices that are higher than iOS 8 but lower than iOS 9.3.3. Apple once revealed that there are more than 1 billion active Apple devices worldwide, but no specific figures are provided.

Apple's new vulnerability reminds people of a similar vulnerability in Google's Android system. This vulnerability in Google is called Stagefright, which was discovered last year. Stagefright also uses virus-infected images to launch attacks.

This article permanently updates the link address:

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.