In its post, Talos described five particular vulnerabilities that would allow someone to insert malicious code that would activate when OS X processes certain image file formats: TIFF, OpenEXR, Digital Asset Exchange and BMP. The security team found the first exploit to have the most potential danger as it could be triggered by many applications like iMessages that automatically render that file format when received or present multiple images in tiled arrangement.

While the exploits appear similar to the Stagefright Android bug revealed last year, the comparison isn't totally sound. For one, Apple devices and computers run far fewer versions of its operating systems and thus fewer are left behind in the updating cycle. But several of the attack vectors via MMS and iMessage proposed by Talos remain hypothetical, and even those they successfully simulated in OS X and Safari have a lower reward profile than multimedia messaging, reports Macworld. Dan Guido, CEO of security firm Trail of Bits, further dismantles the Stagefright comparison and points out on Reddit that crafting an exploit for iOS, tvOS or watchOS could take as much as six months.

Apple declined to comment, but the latest versions fixing the vulnerabilities for both OS X El Capitan and iOS 9.3.3 were released on Monday, July 18th — the day before Talos' report was released.