In January, we shared predictions about the trends that would dominate the cybersecurity space in 2016. Among those was a prediction that Apple devices would no longer be “immune” to attack and as they gained popularity, would become a more desirable target than ever for cyber criminals. Once seemingly impossible to penetrate, we’re already seeing a number of attacks against Apple in just the last two months that suggest this is no longer the case.
Users were urged to updated their devices in late July, when news broke around new research identifying security holes in Apple’s desktop and mobile operating systems that could allow malware to be sent via iMessage – similar to what we saw last year with the Stagefright bug on Android devices. By creating malware formatted as a TIFF file, hackers could send an image to a target over iMessage and execute malicious code on the device – giving the attacker access to both the device’s memory and any stored passwords. The same attack could be delivered by email, or by directing the user to a browser that contains the malware-infected image. The good news? Apple addressed these vulnerabilities with the release of iOS 9.3.3 for mobile and El Capitan 10.11.6 for OS X.
Just last week, we saw what could be another pivotal moment in Apple security: the first remote jailbreak exploit. Human rights activist Ahmed Mansoor, from the United Arab Emirates, received a suspicious text with a link that, if clicked, would have jailbroken his phone and infected it with malware. Had this been successful, the attacker would have been able to log encrypted messages, secretly activating the phone’s microphone and tracking its movements. This attack exposed three vulnerabilities in Apple’s iOS that, when combined, could lead to the jailbreak of an iOS device, which until now, has never been thought to be possible. Again, Apple released patches for the vulnerabilities with the release of iOS 9.3.5 last week.
Attacks against Apple show no sign of slowing. That said, if there is one take away from the above, it’s that Apple is offering consumers the opportunity to stay secure with every software update they release. It’s therefore our responsibility to take advantage of these updates, and take control of our own security.