An alarming security loophole in Apple’s iOS and OS X has been discovered by Cisco’s Tyler Bohan, which could give any hacker who has your phone number access to your stored passwords. This revelation comes through Forbes, who have reported about this gaping security hole in operating systems used by millions. The vulnerability involves iMessage, through which an attacker can send a malware file in TIFF format file. TIFF if you don’t know is a image format just like JPG or PNG.

The hack works because iMessage renders every image it receives in its default settings. When the malware infected TIFF file is received on the target device hacker can execute it in order to extract stored passwords from that device. What makes things even worse is that the malware is not limited to Apple’s iMessage service as attacker can also use other services like email or a website to execute this hack.

The good news is that Apple has already fixed this vulnerability in its latest iOS versions, so devices running iOS 9.3.3 or OS X El Capitan 10.11.6 cannot be infected with this malware. However any iOS or OS X version released prior to the latest ones mentioned here are vulnerable to this TIFF file hack.

If you haven’t already it is the best time to upgrade your iPhone, iPad or Mac to the latest versions of iOS and OS X in order to avoid being hacked. While upgrading to latest software is the best solution to this problem, if you can’t update for some reason you can also stay safe by disabling iMessage on your device for the time being. This is obviously not a convenient option and other modes of communication such as email and web will still remain vulnerable.

Related: Jailbreak Users Can Protect From TIFF Hack with TIFF Disabler Tweak



