
New vulnerability exposed in Apple's operating systems; all versions except the latest are affected

  

Security researchers recently found a serious security vulnerability in Apple's operating systems. An attacker only needs to know your mobile phone number to exploit it and steal your passwords.

This security vulnerability was discovered by Tyler Bohan, a senior researcher with the Cisco Talos security research group, and some media outlets have reported the discovery. The attack reaches into the core of Apple's operating system, abusing the part of the system that processes image input and output.

The attack works as follows: the attacker first creates a piece of malware in the TIFF file format, an image format similar to JPG and GIF. The attacker then uses iMessage to send the file to the target. This attack is particularly effective because iMessage will send images in the default format.

Once the target receives the file, the malware can execute on the target device, attack the device's memory and steal the passwords stored in it. The victim does not even have a chance to stop the attack. The same attack can be carried out via email, or by tricking users into visiting a website containing the malicious file with Apple's Safari browser.

Worse still, this security vulnerability exists in all versions of iOS and OS X except for the latest versions released by Apple on July 18. Bohan notified Apple executives after discovering the vulnerability, so Apple fixed it in the latest releases. In other words, the secure version of iOS is iOS 9.3.3, and the secure version of OS X is El Capitan 10.11.6.

Sophos, a security research company, pointed out that there is also a workaround for this vulnerability: turn off iMessage on the iPhone and disable MMS messages. This means that you will only receive text messages, not image messages.

The impact of this vulnerability is staggering. According to Apple, 14% of iOS devices run iOS 8 or earlier. It is estimated that there are more than 690 million active iOS devices worldwide, which means that at least 97 million iOS devices are vulnerable to attack. This does not include devices running versions later than iOS 8 but earlier than iOS 9.3.3. Apple once revealed that there are more than 1 billion active Apple devices in the world, but did not disclose the specific number.

This newly discovered vulnerability in Apple's systems is reminiscent of a similar vulnerability in Google's Android system, called Stagefright, which was discovered last year. Stagefright attacks are likewise carried out by sending virus-laden images.