This bug is scary, not necessarily for what it can do, but for how easy it is (well, was) to pull off. The vulnerability targeted the Apple OS X version of iMessage (though iPhones were still vulnerable through SMS forwarding), presenting users with a bogus link to click, which would then pull data from the iMessage application and send it off to an outside source.

The security that Apple had in place prevented the bug from installing malware and from pulling data from outside of iMessage, but user’s chat logs would still get pulled in their entirety, so any information that was shared would land in the hands of the attacker.

The vulnerability was discovered and reported by researchers Joe DeMesy, Shubham Shah, and Matt Bryant, Bryant being a member of Uber’s security team. They reported the bug to Apple before they went public with their findings.

This comes right on the heels of an exploit that made photos and videos vulnerable when sending them off. Both problems have since been patched. Between this and the FBI nonsense, poor Apple can’t catch a break. Good on them for handling all of this quickly and efficiently, though.

Share This With The World!
  •  
  •  
  •  
  •  
  •  
  •  
  •