Are you the proud owner of a Mac, iPhone or any other Apple device? Do you believe that these gadgets are protected enough? Unfortunately, you’ll be disappointed. Specially crafted messages have appeared. If you receive such a message, be careful, as your private data can be exposed.
The issue is quite similar to the Stagefright vulnerabilities that were widespread last year. Android was attacked by them, and approximately a billion phones were spied on.
According to Tyler Bohan, the bug is extremely critical. The bug (CVE-2016-4631) is located in ImageIO. Moreover, it also affects operating systems such as Mac OS X, tvOS, and watchOS.
As for the attack itself, the exploit is crafted and delivered in a multimedia message (MMS), or sometimes in an iMessage, inside a Tagged Image File Format (TIFF) file. But this is not the only attack path: it can also be carried out through the Safari web browser, in which case the victim has to visit a malicious website.
In fact, no user interaction is needed to attack the device. In the default configuration, the image is rendered automatically as soon as the message is received.
It is rather difficult to prevent the attack. If it succeeds, all private information such as passwords, credentials and email logins could be transferred to the attacker.
As you may know, iOS includes sandbox protection, so the attacker cannot take full control of the phone. To escalate access further, a jailbreak is also needed.
Mac OS X, by contrast, does not use sandbox protection, so the attacker can gain access to the device.
Apple has patched this critical issue in iOS version 9.3.3, along with 42 other vulnerabilities. Apple has also addressed important security vulnerabilities in FaceTime. Security engineer Martin Vigo discovered the FaceTime vulnerability (CVE-2016-4635).