Apple patched a major security flaw in iOS 9.3.3 that allows any attacker to steal passwords from your device by creating and sending an exploit in the form of MMS message attached with a .TIFF image file.
The receiver of such an MMS can’t prevent the exploitation and once executed, all authentication credentials stored in memory could be leaked to the attacker. Those who get compromised could have their saved Safari credentials stolen such as website and email passwords as well as cookies.
To avoid falling victim to such an attack, it’s best to update all your Apple devices to the latest available version to get all the recent security patches including one for this exploit. As for jailbreak users, there’s no public tool available for jailbreaking iOS 9.3.3 which means that you’ll have to risk your security by staying on your current jailbreakable firmware.
However, the good news is that there’s a new package available in Cydia called ‘TIFF Disabler’ that patches this critical security vulnerability for jailbreak users on iOS 9.1 and below. The package disables ImageIO TIFF support to protect your device against this security flaw.
Disables TIFF support to protect against CVE-2016-4631 on iOS 9.3.2 and earlier.
We highly recommend that you install this package right now on your jailbroken device to avoid getting your saved passwords compromised. To install it, simply launch Cydia and search for ‘TIFF Disabler’. The package is available via the default BigBoss repository which means that you don’t have to go through the hassle of adding a third-party repo.
As for non-jailbroken users, the best move is to update all your devices to iOS 9.3.3 to get the latest security patches and prevent getting compromised. This is why it is highly recommended that you always update your Apple devices to the latest available firmware to fix any security flaw that was present in earlier versions.
Since there’s no jailbreak tool available for iOS 9.3.3, users on jailbroken devices can take advantage of TIFF Disabler package in Cydia to patch this security flaw.