CYBERCRIMINALS can infect your iPhone by sending you a single song to play, it has been revealed. Fortunately, there is a simple solution for Apple iPhone owners to protect themselves against the scam.
iPhone users need to be aware of a terrifying new hack.
The newly-disclosed vulnerability allowed hackers to use audio files to execute malicious code on your Apple device.
The malware would be hidden inside the media file, which would then automatically execute whenever the song was played on your smartphone or tablet.
An anonymous hacker, working in collaboration with the Zero Day Initiative, disclosed two bugs within iOS that would allow malicious code to run as soon as an audio file was played on an Apple smartphone.
The latest hack affected iOS, watchOS and tvOS, the operating system that powers the latest generation of Apple TV.
For undisclosed reasons, the Zero Day Initiative was not allowed to talk about these bugs until today.
The two vulnerabilities allowed MP4 media files – as well as .M4A audio files – to bypass the security features built into iOS, watchOS and tvOS.
Both of the identified vulnerabilities took advantage of a lack of proper validation of user-supplied data, Forbes has claimed.
As soon as the malware-laced audio file was opened on your iPhone, the dangerous, hidden malicious code could execute.
The new iPhone hack is very similar to an exploit that affected the Android operating system back in 2015, when security researchers discovered they could hide malware inside MP3 and MP4 files. Thankfully, there is a solution for iPhone owners – update your device.
Apple has quashed both vulnerabilities in the latest version of its mobile operating system, iOS 10.3.
To update your device head to Settings > General > Software Update to make sure your Apple device is protected against this hack.
iOS 10.3 also protects against a terrifying ransomware hack.
According to ArsTechnica, the latest update fixes an issue that allowed hackers to remotely take control of your web browser – allowing them to demand a ransom from the user before handing back control of the device to the user.
It was possible to prevent the ransom demand prior to iOS 10.3, however, that meant clearing the browsing history and the cache.
That’s not something most users would be able to do.
Fortunately, Apple has now closed the hole that was being exploited by cybercriminals – so that hackers will never be able to pull this hack off again.
Researchers from security firm Lookout have detailed how hackers were able to capture users and trick them into handing over a ransom fee.
Writing in the official Lookout blog, Andrew Blaich, Jeremy Richards, and Kristy Edwards post: “The scammers abused the handling of pop-up dialogs in Mobile Safari in such a way that it would lock out a victim from using the browser.
“The attack would block use of the Safari browser on iOS until the victim pays the attacker money in the form of an iTunes Gift Card.
“During the lockout, the attackers displayed threatening messaging in an attempt to scare and coerce victims into paying.
“Its purpose is to scare the victim into paying to unlock the browser before he realizes he doesn’t have to pay the ransom to recover data or access the browser.
“Lookout found this attack in the wild last month, along with several related websites used in the campaign, discovered the root cause, and shared the details with Apple.”
Security scares aside, iOS 10.3 also includes a number of nifty new user-facing features.
For example, Siri now supports paying and checking the status of a bill with payment apps, and can now be used to schedule ride booking apps.
You can also now ask the voice assistant to check the fuel level in your car, as well as turn on the headlights and activate the horn.
Cricket sports scores and statistics for Indian Premier League and International Cricket Council are also now supported in Siri.