by | | 0 comment(s)

Apple Macs: false sense of security is a dangerous thing

Vulnerability discovered in Macs and iOS devices

This week, Apple has issued patches to what has been described as an extremely high security threat, delivered via multimedia text message, containing image files in TIFF format. TIFF is less common than Jpeg or GIF, as it is typically used to store high-resolution images for print and other production purposes.

By this token, TIFF files can be very large, and must be generated in specialized graphic programs like Photoshop or Illustrator. A regular smartphone, like an iPhone or an Android phone does not generate TIFF image files, as that would be an extremely inefficient way to store pictures, not to mention the mobile processor would have a hard time decoding images in TIFF format as their volume grows.

The vulnerability was discovered by Cisco security researcher Tyler Bonham, who has reported some chilling details about the method of delivery of the malware in question.

As previously mentioned, it is sufficient for a hacker to send a text message, or even an email, with a TIFF image attached, laced with malware. When opening the message in iMessage, the image renders automatically, and runs any code that the file contains, including malware designed to do virtually anything, from merely stealing passwords and other information, to taking control of the host device and use it to infect other devices, as well as computers.

Mac and iOS users are advised to patch all their devices to the latest version, as soon as possible, including iPhone, iPad, MacBook and iMac, as there is no way to detect, or stop the malware from being executed. Even worse, the same security hole exists across all versions of OS X and iOS, except for iOS 9.3.3 and Mac OS X El Capitan 10.11.6.

With almost 14% of iOS devices still running iOS 8, 97 million iPhones and iPads are now officially a target. The number of devices that run iOS 9, as well as figures regarding MacBooks, iMacs, Mac Minis and Mac Pros are a little harder to measure, but the number of users who could be targeted by the hack could embolden hackers into putting as much as much effort into attacking Macs as they do with Windows PCs, shaking the somewhat prevalent false sense of security typical of Apple users.

Mac-based malware isn’t a new thing, and considering that this year alone, the Mac OS X has seen the rise of threats as high as ransomware, making their way into the Mac Apps Store, it might be worth it to consider taking better precautions, such as refraining from opening emails that appear from a non-identified source, or that may raise red flags in regard to the original sender. Even if the email does not contain attachments, there are ways for this type of malware to work, such as leading the recipient to click on a web link where the incriminated TIFF image is displayed, which is enough to trigger malware, from within the Safari browser.

You must be logged in to post comments.