There remains a perception, among many owners of Apple devices and products, that they are immune from the malware, security flaws, and viruses that often hit the competition. Sadly, that’s not true. An iOS device or a Mac can be just as vulnerable to a flaw as any other — and right now, yours is.
As Quartz reports, all anyone needs to exploit this vulnerability is a phone number. And with that phone number — which is easy enough to find, guess, or just pick randomly — a hacker can access every stored password on the device.
The problem is not entirely unlike the Stagefright bug that hit the world’s Android users last year. In both instances, the flaw has to do with the way the operating system processes multimedia files.
For this issue, all it takes is receiving an infected iMessage or e-mail that contains a bad *.tiff image file. That “image” is malware, and as soon as iMessage or Safari receives it, it automatically renders it.
That file can include malicious code that gives an attacker access to everything stored on the phone — without even giving the recipient a chance to defend themselves or not download the thing. (You can, however, turn off iMessage on your phone and disable MMS messaging, to prevent your device from automatically downloading any images, malicious or otherwise.)
The vulnerability is incredibly widespread, the researcher who discovered it says. It shows up in all versions of iOS and OSX prior to the current update. Those updates, published July 18, include a fix for this issue because the researcher shared it with Apple before going public.
Quartz did the math, estimating how many iPhones out there aren’t yet updated, and found that at least 97 million are running iOS 8 or earlier, and are vulnerable to this kind of attack. And that doesn’t even address any of the desktop or laptop Macs out there that aren’t up to date, or any of the phones on iOS 9 that haven’t patched this week.
So: if you have an iPhone or iPad, please get it on iOS 9.3.3 as soon as possible. Mac users, you’re looking for OSX update to El Capitan 10.11.6.
Update your Apple devices now to fix a terrifying security bug [Quartz]
Editor's Note: This article originally appeared on Consumerist.