
Apple OS Can Be Hacked Remotely With Just A Message

Cisco Talos senior researcher Tyler Bohan, who discovered this critical Stagefright-type bug in iOS, described the flaw as "an extremely critical bug, comparable to the Android Stagefright as far as exposure goes."

Just a year ago vulnerabilities in Android allowed hackers to quietly spy on nearly a billion phones with one specially-crafted text. 

iPhone owners should now take note: a security researcher today warned that iOS contains vulnerabilities comparable to those Stagefright bugs, allowing completely silent, almost undetectable password theft from iPhones. Apple has patched the flaws in iOS 9.3.3, however, and users have been advised to update as soon as they can.

All an attacker needs to do is create an exploit for the bug and send it via a multimedia message (MMS) or iMessage inside a Tagged Image File Format (TIFF) file.

Once the message is received on the victim's device, the hack would launch.

The critical bug (CVE-2016-4631) actually resides in ImageIO, the API used to handle image data, and works across all widely used Apple operating systems, including Mac OS X, tvOS, and watchOS.

The attack could also be delivered over Safari; all that would be required would be for the user to visit a website containing the malicious code and for the browser to parse the exploit. No interaction with the site would be required.

Bohan described the issue as “an extremely critical bug, comparable to the Android Stagefright as far as exposure goes.” “The receiver of an MMS cannot prevent exploitation and MMS is a store and deliver mechanism, so I can send the exploit today and you will receive it whenever your phone is online,” he added.

In both cases, no explicit user interaction would be required to launch the attack, since many applications (like iMessage) in their default configurations automatically attempt to render images when they are received.
It is quite difficult for the victim to detect the attack, which, if executed, could leak the victim's authentication credentials stored in memory, such as Wi-Fi passwords, website credentials, and email logins, to the attacker.

Since iOS includes sandbox protection to prevent hackers from exploiting one part of the OS to control the whole thing, a hacker would require a further iOS jailbreak or root exploit to take total control of the iPhone.

However, Mac OS X does not have sandbox protection, which could allow an attacker to access the Mac computer remotely with the victim's passwords, potentially making users of Apple's PCs completely vulnerable to the attack.

Apple has patched this critical issue in iOS version 9.3.3, along with patches for 42 other vulnerabilities, including memory corruption bugs in iOS' CoreGraphics, which helps render 2D graphics across those OSes, according to Apple's advisory.

Bohan also found memory corruption issues in iOS’ CoreGraphics, which helps render 2D graphics across those OSes. Another serious flaw patched by Apple this week resided in FaceTime, permitting anyone on the same network as a user to spy on their conversations. As per Apple’s description, “an attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated.” Martin Vigo, a security engineer at Salesforce, uncovered the bug.

Details on all 43 flaws addressed in 9.3.3 can be found in Apple’s advisory. The tech titan also put out advisories for iTunes on Windows, Safari, tvOS, watchOS and OS X El Capitan.

Users are therefore advised to patch their devices, as it will not take long for bad actors to take advantage of the vulnerabilities, which are now known.

source: FORBES
