If you remember the Stagefright vulnerability in Android discovered in July last year, you will know that a potential hacker can gain full access to your smartphone just by sending a specially crafted multi-media message. The Apple’s iOS operating system also has a similar vulnerability which can be used by potential hackers to remotely take over your iPhone
This highly critical bug in iOS was discovered by Cisco Talos senior researcher Tyler Bohan, who described the flaw as “an extremely critical bug, comparable to the Android Stagefright as far as exposure goes.”
The critical bug has already assigned a CVE-2016-4631 and resides in ImageIO – API used to handle image data – and works across all widely-used Apple operating systems, including Mac OS X, tvOS, and watchOS. According to Bohan, the that the potential hacker needs to do is create an exploit for the bug and send it via a multimedia message (MMS) or iMessage inside a TIFF (Tagged Image File Format) format file. Once the hacker sends the message to an iPhone owner, the exploit is executed. The user would have no chance of detecting the attack, which would begin to write code beyond the normal permitted boundaries of an iPhone’s texting tool.
The attack could also be delivered through Safari web browser. For this, the attacker needs to trick the victim into visiting a website that contains the malicious payload.
The attack which is similar to Android’s Stagefright vulnerability can also be exploited by making the iPhone owner visit a malicious website containing the malicious payload through iOS default Safari browser. As in Stagefright, the iOS bug also requires no explicit user interaction would be required to launch the attack since many applications (like iMessage) automatically attempt to render images when they are received in their default configurations.
As said above, the bug can be exploited unknown to the hapless iPhone owner and can give the hacker access to the victim’s authentication credentials stored in memory such as Wi-Fi passwords, website credentials, and email logins. However, for taking full access to the victim’s iPhone, the hacker would need a further iOS jailbreak or root exploit. That’s because iOS enjoys sandbox protection, which prevents hackers exploiting one part of the operating system to own the whole thing.
The bugs uncovered by Bohan work across all widely-used Apple operating systems, however, including Mac OS X, tvOS and watchOS. Bohan noted that as Mac OS X doesn’t have sandboxing like iOS, it offers the potential hacker a full opportunity for exploiting the above bug and remotely taking over the Mac with the victim’s password. This makes Apple’s MacBooks highly vulnerable to a remote takeover through simple specially crafted email. “Exploitation wise, Talos estimates there is about a two-week effort to get
“Exploitation wise, Talos estimates there is about a two-week effort to get from the information we disclosed publicly to a fully working exploit with a decent amount of reliability,” Bohan added. also found memory corruption issues in iOS’ CoreGraphics, which helps render 2D graphics across those OSes.
Bohan also found memory corruption issues in iOS’ CoreGraphics, which helps render 2D graphics across those OSes. Another serious flaws patched by Apple this week resided in FaceTime, permitting anyone on the same network as a user to spy on their conversations. As per Apple’s description, “an attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated.” Martin Vigo, a security engineer at Salesforce, uncovered the bug.
Details on all 43 flaws addressed in 9.3.3 can be found in Apple’s advisory. Apple has taken congnizance of the severity of the bug and put out separate advisories for iTunes on Windows,Safari, tvOS, watchOS and OS X El Capitan.