Reveal vulnerability to extract various authentication information / password of iPhone just by receiving MMS

ByOmar Jordan Fawahl

A vulnerability that existed in 95% of Android terminal that it is hijacked just by opening MMS and clicking the link of Twitter "Stagefright"Was reported in July 2015, but it turned out that a vulnerability very similar to this Stagefright exists also in iOS and OS X.

Cisco Talos Blog: Vulnerability Spotlight: Apple Remote Code Execution With Image Files
http://blog.talosintel.com/2016/07/vulnerability-spotlight-apple-remote.html#more


Apple Lovers Get Patching - Just One Text Can Steal Your iPhone Passwords - Forbes
http://www.forbes.com/sites/thomasbrewster/2016/07/19/apple-iphone-ios-9-vulnerabilities-like-stagefright/#1610e14a3947

This vulnerability was discovered by Tyler Bohan, a researcher at the Cisco Talos of Security Intelligence & Research Group. Handle image dataclassIt is included in "ImageIO" of MMS · iMessage · Attached to infected Safari's web page etc.TIFFA serious vulnerability has been confirmed that it is possible to extract the information of the iOS terminal from the format file.

In addition, ApplesandboxBecause it has a security mechanism called hacker to hijack all the terminals, jailbreaking (jailbreak) is necessary, possibility to be deprived of all control of the terminal like Stagefright which is the vulnerability of Android in 2015 It seems to be low.

ByHåkan Dahlström

Since these vulnerabilities have been addressed by the latest update "iOS 9.3.3" "OS X 10.11.6" released on July 18, 2016, it is safe to apply the update as soon as possible.

About the security content of iOS 9.3.3 - Apple support
https://support.apple.com/ja-jp/HT206902

About the OS X El Capitan v10.11.6 Update - Apple Support
https://support.apple.com/ja-jp/HT206770