
iOS version of Stagefright fixed, everyone should patch now

An equivalent to Android's Stagefright vulnerability has recently been spotted on iOS and OS X devices. It has since been patched, and security experts from Sophos are urging all Apple users to patch up as fast as they can, to protect themselves from the serious flaw.

For those with a short memory, Stagefright (in its multiple versions) allowed a hacker to take over a victim's Android smartphone by sending a message with an image or a video file. Long story short, it had something to do with the way Android managed images, and pretty much every Android version you can think of was vulnerable.

Now, a similar thing happened on Apple’s operating systems, and if you don’t want your device taken over by somebody, you should patch up ASAP.

“It seems that Stagefright has come to Macs and iPhones, after a fashion,” Sophos’ Paul Ducklin writes in a blog post. “In Apple’s recent security updates for OS X (10.11.6) and iOS (9.3.3), some of the patched bugs are listed like this:


Impact: A remote attacker may be able to execute arbitrary code

Description: Multiple memory corruption issues were addressed through improved memory handling.”

Ducklin compares ImageIO to Google’s libstagefright, Android’s multimedia software component which enabled the vulnerability.

“We sometimes hear from people who naively assume that once they get really out of date, for example by sticking with Windows XP, even their exploitable vulnerabilities go stale and out of fashion; not so here, according to Bohan,” he writes.

“Even if iOS malware were to take over just your Messaging app, and be constrained by iOS’s sandboxing to messaging data only, you could have plenty of personal information at stake.”

Photo Credit: fatmawati achmad zaenuri/Shutterstock