iOS bug: iPhone users urged to update after Apple fixes huge password vulnerability

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

If you haven’t just updated your phone, it might be in huge danger.

A new update fixes security holes that would allow hackers to grab passwords and other important information with just one infected iMessage.

All hackers would have to do is to send an infected image to a phone, which will automatically open up it as soon as it is received. Once that file is received, hackers get the ability to run malicious code on that device – letting them run programs or hoover up passwords.

The security bug is present in every version of iOS and macOS apart from the very newest ones – iOS 9.3.3 and El Capital 10.11.6. Those updates were released this week and so Apple advises

The bug has only just been made public after being discovered by Tyler Bohan, a researcher who works for Cisco’s security unit. But it was shared with Apple ahead of the publication, so that it could be fixed without notifying hackers that it could be used.

It’s also possible to keep the phones from being infected by turning off iMessage and disabling MMS messaging, meaning that there’ll be no way to send over image files through texts, and ensuring that no questionable images are opened over email. Though there are no known problems with the latest updates, that will help keep devices safe until they are upgraded to the latest software.

Though Apple devices get updated far more reliably than Android ones – new releases for which tend to get held back by networks and phone manufacturers – there are still thought to be tens of millions of phones that haven’t even been updated to iOS 9, the last major release that came out in September last year.