Remember that dreaded Stagefright vulnerability discovered in millions of Android devices a year ago? At the time this critical vulnerability allowed hackers to access millions of devices using nothing more than a malicious text message. Now it seems a similar type of weakness has been found with anyone owning a recent Apple device.
Described as the “most sophisticated spyware” ever seen, this Apple-only hack exploits three software vulnerabilities, present across many different Apple devices since Apple reuses a lot of the same software code throughout all of their devices and it looks like this vulnerability could let a hacker take control over the compromised device with the tap of a finger.
Well, it looks like a flaw in earlier versions of Apple software running on all of their current devices for iOS,OS X, tvOS and watchOS makes it possible for hackers to remotely steal saved passwords from your Apple devices without your knowledge and research security experts have localized it to a serious vulnerability in “ImageIO,” a framework built into Apple’s platforms that handle image data. It seems like hackers are able to take advantage of this to steal passwords stored locally on your devices. This includes Wi-Fi keys, login details for websites visited in Safari, and email passwords.
Apple warned that visiting a “maliciously crafted website” in the Safari web browser could lead hackers to install spy software on a computer.
Also, clicking the link or viewing a photo on a phone from a text activates this piece of espionage software called “Pegasus” that will then take advantage of a memory vulnerability on Apple’s mobile device and computers. Once activated, a malicious hacker could read a users messages, access their bank details and track their location, among other things. The worst thing is the user would have no idea they are hacked nor have any chance of protecting themselves.
Israeli surveillance company NSO Group Technologies, which sells spying software to governments, is suspected of having created the exploit. The company claims to only sell its programs to “authorised governmental agencies, and fully complies with strict export control laws and regulations”.
The best solution is to make sure you have the latest’s updates on both your Apple computers and mobile devices since Apple has applied a fix to this vulnerability.
To update your computers to the latest software you want to open the App Store, select updates and let it scan to make sure you are updated. If any security updates show up you want to make sure you apply those.
To update your mobile devices you want to go into Settings, General, Software Update and make sure you have the latest update – which is currently 9.3.5.