If you have not yet updated your iGadget to iOS 9.3.3, your Mac for OS X 10.11.6, your Apple Watch for watchOS 2.2.2 and / or your fourth generation Apple TV for tvOS 9.2.2, do it now. Trust me!
Researcher Tyler Bohan, from Cisco Talos, discovered a serious flaw in Apple's operating systems. Fortunately he reported everything Ma and waited for the official correction to reach the public before he could comment on the matter.
Briefly, Bohan said that a flaw in the Image I / O API causes images of the type TIFF, OpenEXR, Digital Asset Exchange and BMP to break the security of systems. A simple receipt of an image can execute a remote code on the device, which obviously can compromise the user's data a lot.
The flaw encompasses any application that uses this API (iMessage, Safari, Mail, etc.). In most cases involving the TIFF format, however the user does not need to do anything at all, after all these apps usually render and automatically open the image to make our life easier. In doing so, the damage is done. In some formats, the framework Core Graphics and SceneKit also have the flaw. And this is worrying because they are widely used in OS X, where the damage can be even greater since, unlike the others, Ma's desktop operating system is much more "open" for reasons of principle.
In case of iGadgets, a malicious person could, for example, steal sensitive data such as passwords, logins, etc .; on Macs, the biggest problem and crackers could steal, in addition to passwords and data, things like photos and videos.
We are talking about a scenario in which an image sent to the user carries malicious codes, of course. So far, everything Bohan has shown is no proof of concept and there are, for now, no real threats running around. Still, it is highly recommended that you upgrade all your systems to the newest versions released by Apple recently.
Older systems like OS X Mavericks / Yosemite and iOS 8 are not protected against this failure, so it is good to migrate to the new ones as soon as possible.