Categories: NewsTechnology

A single image can be used to steal your iOS and Mac passwords

A Cisco researcher has just found out that hackers can sneak into iOS or Mac devices, gaining control over the internal storage and passwords by using just a single image file. Using this vulnerability, hackers can even control Macs, which don’t support sandboxing, remotely.

Being referred to as “Apple Remote Code Execution With Image Files”, this vulnerability can be exploited by hackers to land into iOS, Mac OS X, tvOS, and watchOS systems using The Tagged Image File Format (TIFF). A TIFF image can specially be crafted so as to contain a Malware (Malicious Software). The image then can be sent by any means to the victim or it can just be placed on a web page to which the victim could be directed.

Tyler Bohan of Cisco Talos, mentions on his blog, “When rendered by applications that use the Image I/O API, a specially crafted TIFF image file can be used to create a heap-based buffer overflow and ultimately achieve remote code execution on vulnerable systems and devices.”

In order to protect themselves, users need to update their operating systems to the latest versions (i.e iOS 9.3.3, El Capitan 10.11.6, tvOS 9.2.2 and watchOS 2.2.2).

TIFF is a useful format, particularly famous among photographers and graphic designers who use it to save the image without losing any of the image’s data. This specialty causes the size to get relatively bigger.

Image — Business Insider

Sponsored
Muneeb Ahmad

I love to talk about global tech-happenings, startups, industry, education and economy. Get in touch: muneeb@techjuice.pk.

Leave a Comment
Share
Published by
Muneeb Ahmad

Recent Posts

Sindh Assembly Reveals 28,500 Govt Employees’ Spouses as Illegal BISP Beneficiaries

The Sindh Assembly was informed that over 28,500 employees of the provincial government were unlawfully…

60 mins ago

SBP Eases Policy Rate by 2.5% as Inflation Shows Steady Decline

The Monetary Policy Committee (MPC) of the State Bank of Pakistan decided to cut the…

1 hour ago

SECP to Host Pakistan Startup Summit in Karachi Next Week

The Securities and Exchange Commission of Pakistan (SECP) is organizing the Pakistan Startup Summit, which…

1 hour ago

Fake News by Pakistani AI Website Sparks Turmoil in Ireland

On October 31, 2024, Halloween was celebrated worldwide, and the holiday spirit still lingers. Pakistan…

2 hours ago

Pak Suzuki Drops Popular Graphite Grey from Vehicle Lineup in Pakistan

Pakistan Suzuki Motor Company (PSMC) has announced the discontinuation of the widely favored Graphite Grey…

2 hours ago

Pakistani Passport Continues to Rank Among the Worst in the World

According to the most recent Henley Passport Index, Pakistan's passport is still one of the…

21 hours ago