Protect yourself from a particularly dangerous Apple exploit
Most hacks require some kind of user feedback. Whether it’s visiting a certain website, opening a certain .exe file, or clicking “yes” on an OK button, exploits are usually something we have to allow.
Apple identified a new bug last week, however, which uses a far more invasive entry technique which requires no user input at all. Rather than asking the user to actively allow the malicious code in, it appears instead as part of a TIFF image file which the operating system automatically processes on its own.
The exploit works in a very similar way to the Stagefright bug which was identified on Android devices earlier this year. When you look at a multi-media message or go to a website with pictures, the operating system never asks whether you want to see the images – it simply shows them to you. The exploit uses this convenient automated image processing as the way into your device. When the system opens the images for viewing, it opens the door for code embedded into the image.
Since there’s no decision point involved in the exploit, it is extremely difficult to trace and therefore just as difficult to remove.
Even worse, the exploit is common to all of the Apple operating systems, including Mac OS X, iOS, watchOS, and tvOS. There are some mechanisms in place on iPhones which make the exploit harder to take advantage of, but it is still a severe danger which should not be taken lightly.
Apple is out ahead of the exploit, and has already updated operating systems across all of its devices. ECHO strongly recommends that all its customers update their operating systems accordingly. Since this is a relatively simple exploit to use, time is of the essence – users will want to protect themselves immediately.
Updates can be found at:
- iPhones/iPads/iPods: https://support.apple.com/en-us/HT204204
- Laptop/Desktop computers: https://support.apple.com/en-us/HT201541
ECHO is strongly committed to cybersecurity, and provides its customers with 24/7 protection from the many threats they face. Looking to learn more about how to protect yourself from exploits, hacks, and cyber criminals? Contact us to set up an assessment of your company’s security measures.