iPhone bug allows hackers to steal passwords with just a text message

July 21, 2016

Apple has fixed a major security hole that potentially allowed hackers to gain access to a user’s iPhone, potentially allowing them to steal sensitive data such as passwords.

The flaw allowed hackers to break into an iPhone simply by sending them a text message with a specially-modified image file.

When the phone’s software tries to process the image, the file would exploit the vulnerability to access parts of the device’s code usually off-limits to third parties such as downloadable apps. It could then execute malicious code within applications without the receiver suspecting a thing.

Security experts warned that by the iPhone trying to process the image, such as receiving a message or visiting a webpage with the picture, hackers could corrupt the iPhone’s memory and access information such as website and email passwords.

The vulnerability lies in how Apple’s software handles a certain image file called a TIFF. While it can render the image as normal – meaning a user will notice no difference – by tampering with an image file a hacker could also overload the iPhone’s memory allowing the image to execute malicious code.

Read full story…