Cisco Talos senior researcher Tyler Bohan, who discovered this critical Stagefright-type bug in iOS, described the flaw as "an extremely critical bug, comparable to the Android Stagefright as far as exposure goes."
The critical bug (CVE-2016-4631) actually resides in ImageIO – API used to handle image data – and works across all widely-used Apple operating systems, including Mac OS X, tvOS, and watchOS.
All an attacker needs to do is create an exploit for the bug and send it via a multimedia message (MMS) or iMessage inside a Tagged Image File Format (TIFF).
