iOS 9.3.3 Fixes Critical Security Flaw That Could Allow Password Theft

Apple’s iOS, running on both iPhones and iPads the world over, has been able to largely avoid any major security scares over the years, and has certainly been able to laud it over Android in the sheer packability stakes. Now, though, it seems iOS users should be wary of a security hole that could allow hackers to gain access to a device remotely, giving them a door through which passwords could be stolen.

The most worrying part of all this is that the user would likely never know that they had been the subject of a particularly nasty piece of hacking.


Thankfully, Apple has already patched this loophole in iOS 9.3.3, which is yet another reason to ensure all iPads and iPhones are updated to the latest version of iOS in a timely manner. With iOS 10 just around the corner – September is the expected release month – that too will contain the patch for this particular exploit.

Those who are at risk, and subsequently targeted, could see WiFi passwords as well as any password entered via Safari be compromised. Even more concerning is that the same security hole is said to be found within Mac OS X, tvOS and watchOS, meaning all of Apple’s operating systems are, or at least were, vulnerable.

Cisco Talos senior security researcher Tyler Bohan found the critical bug in ImageIO, which is used to handle image data. An attacker could create an exploit – a little program that takes advantage of vulnerabilities – and send it via a multimedia message (MMS) inside a Tagged Image File Format (TIFF). Once received, the hack would launch. The user would have no chance of detecting the attack, which would begin to write code beyond the normal permitted boundaries of an iPhone’s texting tool.

iOS 9.3.3 main

If you want to be completely safe from this exploit, you will have to make sure you update all your Apple devices to latest versions of iOS, tvOS, watchOS and OS X as Apple’s latest release includes a patch for this critical security flaw. If you are a jailbreaker, it’s important to note before updating to iOS 9.3.3 that there’s current no public jailbreak tool available for iOS 9.3.3. Also, once you have updated to iOS 9.3.3, there’s no way to downgrade back to the last jailbreak-able firmware, that is iOS 9.1.

(Via: Forbes)

Update x1: For jailbreak users on iOS 9.1 and below, there’s now a patch available for this vulnerability in the form of a Cydia package. You can find details on it here.

You may also like to check out:

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the web.