Apple Patches Bug that Allows Full Access to iMessage Data
Apple has patched a serious vulnerability in iMessage that allows attackers to gain remote access to a victim’s messages and attachments. The attack targets a vulnerability in the Mac OS X iMessage client.
Researchers at Bishop Fox write on the company blog, “You don’t need a graduate degree in mathematics to exploit it, nor does it require advanced knowledge of memory management, shellcode, or ROP chains. All an attacker requires is a basic understanding of JavaScript.”
Any attacker can target a user’s device by sending a simple message with a URL. Once the user clicks on the link in the OS X iMessage client, the attacker gains access to otherwise-encrypted messages and attachments.
Although the exploit is for the Mac OS X iMessage client, iMessage on iOS devices is not safe either. If a user has enabled SMS forwarding from an iOS device, the attacker also gains access to messages exchanged with the victim’s iOS device.