Drop What You’re Doing And Go Download The New iPhone Update, Unless You Like Being Hacked


Does the idea of someone hacking into your phone via iMessage and stealing all your passwords sound like fun to you? No? Then go find yourself a wifi connection and update your phone. Now. Do it. Go.

Not to be fearmongers, but this really is important. Cisco Talos senior security researcher Tyler Bohan recently discovered a pretty huge security gap in Apple’s operating system (Bohan himself described it as an “extremely critical bug”). The problem is in the program used to handle image data. To get super technical, we’ll turn it over to Forbes, which originally broke the story to the public earlier this week:

An attacker could create an exploit – a little program that takes advantage of vulnerabilities – and send it via a multimedia message (MMS) inside a Tagged Image File Format (TIFF). Once received, the hack would launch. The user would have no chance of detecting the attack, which would begin to write code beyond the normal permitted boundaries of an iPhone’s texting tool.

And it’s not just iMessage that’s at risk. It’s possible that hackers could use Safari to deliver the attack — all you would have to do is visit a website infected with the malicious code.

What does the hacker get out of it? All the authentication credentials stored in your phone’s memory, including Safari cookies and website login information.

Terrified yet? No worries. Apple’s got you covered. Provided you’re responsible enough to actually go and download the patch. What are you waiting for? Get to it, before the hackers steal your stuff.

(Via Forbes)