A Cisco researcher has discovered a new vulnerability wherein the stored passwords and internal storage can be accessed by hackers on Mac and iOS devices. This can be done easily by the hackers by sending the victim a malicious image file. The victim may be prompted to go to a particular website by clicking on a particular link which may be sent either through an email or a MMS of the file is sent in the TIFF format. Once the link is clicked, without being detected, the hidden malware runs automatically.
TIFF is a format that is useful and is mostly used by graphic designers and photographers who would like to save their images however do not want to lose out on the data of the images. This is used especially in the case wherein the size of image is a lot bigger in size.
Apart from gaining the access with the help of the credentials that can b used for the authentication on the watchOS, tvOS, Mac OS or iOS, it also makes your device vulnerable as it can be access remotely and the attackers can even control those Macs that are not sand boxing supportive.
When Apple got to know about these issues, they came up with a way to fix them by releasing various operating system’s latest update of the watchOS 2.2.2, tvOS9.2.2, El Capitan 10.11.6 and iOS 9.3.3 so that they can stay safe.
For those who might find this very familiar, the reason behind that is because of the similarity of the security flaw is because last year, on the Android devices, the same vulnerability was discovered. Last August, after it was spotted, the 2nd version had been released. However, it was also noticed that with the help of an audio file, the hardware could easily be compromised.