On Monday, July 18, Apple issued updates of tvOS, WatchOS, OS X and iOS that patched a security vulnerability that could allow hackers to steal password and login info as users type them.
According to The Wall Street Journal, users of Apple devices such as an Apple TV, Apple Watch, Mac, iPad, or iPhone are at security risk from an exploit similar to Stagefright that has been found last year on Alphabet's Android mobile operating system.
The security bug on Android has been eventually patched. Apple also announced that the security flaw has been patched in its latest security updates. Users of Apple devices are recommended to ensure their operating systems are up-to-date.
The malware was made public by Talos, a security research team from Cisco Systems. The exploit disguises itself as a TIFF-formatted image and can be sent to Apple devices via email apps, messaging and web browsers.
A Talos researcher, Tyler Bohan, explained in a blog post that this security flaw is concerning because it can be triggered when rendering tiled TIFF images in any app using the Apple ImageIO API. There are many applications on Apple devices that render images by using this specific API, including Apple's Mail, iMessages and Safari apps.
PCMag reports that, in addition to TIFF, Cisco's security research team Talos also discovered vulnerabilities in Apple's processing of BMP images, the Digital Asset Exchange and OpenEXR file formats. Since image files can be easily distributed over email traffic or web without raising recipient's suspicion, they are an excellent vector for hacker attacks.
Apple Core Graphics API, Image I/O and Scene Kit are widely used by apps on the Apple OS X platform, which makes these vulnerabilities more dangerous.
Apple users of iPod Touch, iPad and iPhone can check if their operating system is updated to the last version of iOS 9.3.3 by opening the iOS device's settings app and tapping Software Update in the General menu. In case that the latest iOS version is not installed, it is recommended to immediately update the operating system.