Apple’s reputation as a privacy and security-centric company with respect to the iOS and iPhone, in general, took a huge blow when the FBI successfully unlocked an iPhone without Cupertino’s help.
This was after a long battle with the company where it refused to help the agency with unlocking the said iPhone. However, the FBI used other experts to successfully unlock the device. Ever since it seems hackers have started finding joy in exploiting other holes in Apple’s system. The latest report claims that it is now possible for malicious users to take control of your iPhone, iPad, Mac, Apple Watch or even Apple TV via a simple iMessage. This is, however, not limited to the Apple messaging app, but also via email.
The hole is in the Image I/O API that is tasked with handling of pictures, something that means hackers can use a Tagged Image File Format (TIFF) file to force what is known as buffer overflow. Once this happens, the hacker is able to get through the company’s security walls and by so doing, they can run or install their own code on the affected device.
Apparently, the vulnerability can be triggered by an app that makes use of the Apple Image I/O API as far as rendering TIFF images is concerned. What this means is that apps such as iMessage, Mail, Safari as well as MMS, among others, which use this API, are all open to this attack. The worst part of the story is that the vulnerability can be exploited without explicit interaction with the user since most of these apps carry out automatic rendering of images immediately they are received. Once the image is viewed, be it manually or automatically, the attacker can proceed with taking over of the said device.
With this vulnerability, hackers can get into your iPhone or Mac and steal passwords and other personal information stored on the device without your knowledge. At the time of this writing, iPhone users can update to iOS 9.3.3 that reportedly addresses the issue. The story is the same for those using Mac, with the updated version being OS X 10.11.6. For those on Apple TV, check out for tvOS v9.2.2 while Apple Watch users can update to watchOS v2.2.2. Make sure you have updated your device’s software to the latest version to avoid this vulnerability.
There is a bigger problem for those using iPhone 4 and below. This is because the newly released iOS 9.3.3 is not compatible with these older iPhone models, meaning these devices are still at risk.