Less than two weeks before iPhone hackers can steal your password without you knowing

What if there were a flaw in your iPhone operating system that could let evil-intentioned hackers steal your passwords unnoticed, and your only current defense was to keep your phone offline at all times?

There is, according to a security researcher.

Tyler Bohan of Cisco’s threat-intelligence unit reported the “extremely critical bug” that would allow a hacker to steal passwords simply by sending a multimedia text message to a user’s iPhone, according to Forbes.

“The receiver of an MMS cannot prevent exploitation and MMS is a store-and-deliver mechanism, so I can send the exploit today and you will receive it whenever your phone is online,” Bohan told Forbes.

Apple’s Safari web browser is also vulnerable, Forbes reported: “The attack could also be delivered over Safari; all that would be required would be for the user to visit a website containing the malicious code and for the browser to parse the exploit. No interaction with the site would be required.”

And now that Bohan has outed the vulnerability, the clock is ticking. “Talos estimates there is about a two-week effort to get from the information we disclosed publicly to a fully working exploit with a decent amount of reliability,” he told Forbes for the report published earlier this week.

Apple’s just-released operating system, 9.3.3, has patches to prevent such an exploit, according to Forbes. On paper, the new system “is perhaps the least exciting iOS 9 update Apple has released,” Forbes said in another article. The system is a “pure bug and security patch,” according to Forbes.

Photo illustration: An iPhone held up in front of the Apple logo. (AFP/Getty Images)


Tags: , , ,


Share this Post

  • cosmicunity

    Oh that’s really “smart.”

  • Cyberspace

    How stupid can you get. Thanks Cisco!

  • Don’t look to Apple for answers. They deny everything. You can put the evidence right in their face and they will call you a liar.

  • Sillie Abbe

    Another vulnerability exists at Touch ID.

    t is known that the authentication by biometrics usually comes with poorer security than PIN/password-only authentication. The following video explains how biomerics makes a backdoor to password-protected information.