So far we have heard numerous ways in which an iPhone can be hacked, but this new way had been unheard of. It’s been reported that hackers could infect your handset by sending you a song, but don’t worry. Apple has already killed that vulnerability.
How could a song hack your iPhone?
This bug, defined as a memory corruption flaw, was disclosed by an anonymous hacker working with Trend Micro’s Zero Day Initiative (ZDI). Apart from the iPhone, this bug could affect the Apple TV and watchOS as well. With iOS 10.3, Apple fixed two vulnerabilities that allowed malware to run as soon as an audio file is played on the handset. The company used “improved input validation” to address the issue, according to Forbes.
This vulnerability is quite similar to the one discovered in Google’s Android operating system in 2015. At that time, researchers found that they could put an exploit code in MP3s and MP4s. This time, the issue is with MP4s which were used by the anonymous hacker to breach Apple’s security. A lack of proper validation of the length of user-supplied data on iOS supported the bug.
This was not the only vulnerability that Apple patched with iOS 10.3. A weakness that could have allowed a hacker to send malicious code on the phone’s Wi-Fi chip was also addressed last week, notes Forbes. Apart from these, Apple also patched 82 other vulnerabilities with iOS 8.3. The most noticeable was one in which a hack just required a user to view a JPEG image. This vulnerability was again revealed by an anonymous researcher via the Zero Day Initiative.
What else has been fixed in iOS 10.3?
Apple’s latest update also fixes a vulnerability that allowed hackers to control a user’s web browser and then demand a ransom from the user in return for giving them back control of their device, according to ArsTechnica.
Explaining how the hackers were able to trick users into handing over a ransom fee, security firm Lookout said, “The scammers abused the handling of pop-up dialogs in Mobile Safari in such a way that it would lock out a victim from using the browser.”
The hackers would block then block the Safari browser until the user paid ransom in the form of an iTunes Gift Card.
“During the lockout, the attackers displayed threatening messaging in an attempt to scare and coerce victims into paying,” the security firm said in a blog post.
To make sure that your iPhone is protected against these hacks, head to Settings > General > Software Update. If you are downloading the latest iOS 10.3, you also get the new and encrypted Apple File System (APFS). This, according to Forbes, will make it harder for hackers and police to extract data from iPhones.
Along with the security fixes, iOS 10.3 comes with new features. Siri can now be used to check statuses, pay bills and book a ride. The voice assistant can also be used check the fuel level in a car, turn on the headlights and activate the horn.
