It’s like “The Ring” for your iPhone: just viewing one texted photo could get it hacked.
Experts are urging Apple users to manually update their operating systems after Apple issued a patch for a new security exploit that could let a hacker take over their devices with a single image.
The photo could be on a website or sent by email. Or just an MMS text message. All the attacker would need to know is your cellphone number.
Security outfit Cisco Talos last week disclosed that they had found several “remote code execution vulnerabilities in Apple OS X related to processing image formats.”
In other words, hackers could theoretically hide malicious instructions inside the code for a photo sent to you to launch an attack on your device. Specifically the risks were found in the popular “BMP” and “TIFF” image file formats.
If your operating system is earlier than 9.3.3 on iOS or earlier than 10.11.6 for OS X, it could be vulnerable.
To update on your iOS, go to Settings > General > Software Update. Tap “Download” and “Install.” To update your desktop or laptop OS, click on the “Apple” menu and select “Software Update.”
Talos researcher Tyler Bohan told Forbes the issue was “an extremely critical bug… the receiver of an MMS cannot prevent exploitation and MMS is a store and deliver mechanism, so I can send the exploit today and you will receive it whenever your phone is online.” A Cisco representative was not immediately available for comment.
Apple declined to comment but in announcing its patch it cited the research by the Talos team and said the fix would resolve how “a remote attacker may be able to execute arbitrary code.”
The attack is theoretical at this point and there have been no reports of it being used.
The researchers gave advance notice of their findings to Apple, who issued a patch before the group made their discovery public.
And while the updates should hit your phone or computer by themselves at some point, experts say there’s no benefit to being lazy.