Update your iOS to fix this critical security bug

A researcher at Cisco Talos, a unit of Cisco that works on security has discovered some serious loopholes with regard to Apple’s operating systems that can be exploited through its default messaging, web browsing, or email software, reports Forbes. According to Tyler Bohan, hackers can steal your passwords simply by sending you an infected iMessage—and all they’d need is your phone number.

The hack is apparently pretty simple: A hacker creates malware that’s formatted as a TIFF file, another image format just like JPG or GIF. The hacker then sends it as an iMessage. This is especially effective because the messaging app automatically renders images on its default settings.

Once the infected file is received, malicious code can be executed on the target device, giving an attacker access to the device’s memory and stored passwords. The victim wouldn’t even have had a chance to prevent it. The same attack can be delivered by email, or by making the user visit a website that contains the infected image, using Apple’s Safari browser.

The worst part was that Bohan found that the bug is present in all versions of iOS and OS X except for the very latest ones, which were published on July 18.

Because Bohan had shared his insights with Apple in time, the latest versions of its OS address the vulnerabilities. That means the safe version of iOS is 9.3.3 and for OS X it’s El Capitan 10.11.6.

For a quick fix, you can turn off iMessage on your iPhone, and also disable MMS messaging.

The point, however, is that a huge chunk out there lies in the vulnerable group. According to Apple, about 14 percent of iOS devices run iOS 8 or earlier. There are over 690 million active iOS devices, according to one estimate, which means at least 97 million devices running Apple’s mobile operating system are vulnerable to the hack. That’s not even accounting for the mobile devices that aren’t running the absolutely newest version of iOS 9, or Macs that aren’t up to date.