Categories: NewsTechnology

A single image can be used to steal your iOS and Mac passwords

A Cisco researcher has just found out that hackers can sneak into iOS or Mac devices, gaining control over the internal storage and passwords by using just a single image file. Using this vulnerability, hackers can even control Macs, which don’t support sandboxing, remotely.

Being referred to as “Apple Remote Code Execution With Image Files”, this vulnerability can be exploited by hackers to land into iOS, Mac OS X, tvOS, and watchOS systems using The Tagged Image File Format (TIFF). A TIFF image can specially be crafted so as to contain a Malware (Malicious Software). The image then can be sent by any means to the victim or it can just be placed on a web page to which the victim could be directed.

Tyler Bohan of Cisco Talos, mentions on his blog, “When rendered by applications that use the Image I/O API, a specially crafted TIFF image file can be used to create a heap-based buffer overflow and ultimately achieve remote code execution on vulnerable systems and devices.”

In order to protect themselves, users need to update their operating systems to the latest versions (i.e iOS 9.3.3, El Capitan 10.11.6, tvOS 9.2.2 and watchOS 2.2.2).

TIFF is a useful format, particularly famous among photographers and graphic designers who use it to save the image without losing any of the image’s data. This specialty causes the size to get relatively bigger.

Image — Business Insider

Sponsored
Muneeb Ahmad

I love to talk about global tech-happenings, startups, industry, education and economy. Get in touch: muneeb@techjuice.pk.

Share
Published by
Muneeb Ahmad

Recent Posts

Garena Free Fire India Launch Rumors: What Fans Need to Know

Reports suggest that Garena Free Fire is set to make a much-anticipated return to India.…

12 hours ago

Albania Bans TikTok for One Year: Here’s the Reason!

The Albanian government has announced a ban on the social media platform TikTok for a…

16 hours ago

Google Pixel 9 Pro vs. 8 Pro: Biggest Upgrades Compared

The launch of Google’s latest Pixel lineup brings an exciting chance to compare the new…

17 hours ago

Azad Kashmir to Host Pakistan’s First Women-Centric Software Technology Park

ISLAMABAD: In February next year, Pakistan is set to launch its first women-focused software technology…

18 hours ago

HEC Reveals Law Admission Test Date for LLB Students

The Law Admission Test (LAT) has been announced by the Higher Education Commission (HEC) of…

19 hours ago

Meta’s WhatsApp to Release New Playback Speed Feature for Videos

Meta's WhatsApp is rolling out a new playback speed feature, allowing users to adjust video…

1 day ago