We recommend that you update your iOS and Mac OS to the latest versions if you haven't yet.
Tyler Bohan, senior security researcher of Cisco Talos, has found a critical bug in the ImageIO, which is a program needed to handle image data.
The vulnerability allows any hacker to access your internal storage and your stored passwords. All he needs to do is to send a specially crafted iMessage to your device, which once received, would hack your information without even you knowing anything about it.
The vulnerability is comparable to the Stagefright bugs which were revealed just a year ago. Good news is that Apple has already patched this flaw in its latest updates. However, those who still haven’t updated are in grave danger.
The attack can also be delivered over Safari once a user visits a website containing the malicious code and for the browser to parse the exploit. No interaction would be required with the site.
It's "an extremely critical bug, comparable to the Android Stagefright as far as the exposure goes;" says Gohan. He added that "the receiver of an MMS cannot prevent exploitation and MMS is a store and deliver mechanism, so I can send the exploit today and you will receive it whenever your phone is online."