If you’re an iPhone user and are currently using anything below the latest iOS 9.3.3 firmware, did you know that you are susceptible to a nasty little security vulnerability CVE-201604631 in ImageIO framework? If you didn’t you should carry on reading, as this little vulnerability allows an attacker to create an exploit, which can be sent to you via an MMS inside a .TIFF image and once you have it, it steals your passwords.
A Security Solution
As luck would have it the latest and last firmware update for iOS 9.3.3 has a patch, which deals with the vulnerability. However, it still persists for iOS 9.3.2 and below, so the only way to stop it if you’re an owner of a none jailbroken device is to update to the very latest version of iOS 9.3.3.
So, if you’re not into jailbreaking updating your device and protecting yourself is really easy, all you have to do is go to Settings –> General –> Software update on your device and do the update from there. However, if you have a jailbroken device, protecting yourself is a whole different kettle of fish!
Protecting a Jailbroken Device
As it currently stands, there is no jailbreak available for iOS 9.2 to iOS 9.3.3 firmwares. And this means that until a few days ago there was only one way for you to protect yourself from this security issue, and that was to update to iOS 9.3.3 and completely loose your jailbreak.
Some Good News! There is now a new jailbreak package called TIFF Disabler and it is available via Cydia right now. All you have to do to find it is, search for TIFF Disabler Package, and then proceed with its installation. One more thing, there’s no need to add a third-party repository, because the package is on the BigBoss repo in Cydia.
OK if you’ve read the above and need me to be a little clearer, here we go. If you are planning on remaining on a version of a jailbroken version of iOS such as iOS 9.1 or below. You need to install the TIFF Disabler Package, which is available on Cydia now, DO NOT DELAY!
However, if you don’t have a jailbroken handset or tablet, I recommend that you upgrade to the final version of iOS 9.3.3 now. As this will give you Apple’s latest security update and make sure that your device is protected from the CVE-20164631 vulnerability.
If you have any questions about the vulnerability or have anything to add about the subject, please comment below.