New Security Exploits On iMessage Allow Attackers To Steal Messages and Photos

Although iMessage has a strong encryption end to end, attackers able to steal your all iMessage text and attachment on OSX client through a simple Javascript. Instead of cracking the encryption algorithm, researchers at Bishop Fox explain the attackers just have to know basic Javascript and cross-site scripting method to launch the attack. However, the team reported the problem to Apple before publicly announced the issue. Apple, on the other hand, had already patch with improved content security policy checks. It is scary.

iMessage Cross Site Scripting

Launching an attack:

(via Engadget)

Leave a Reply

Your email address will not be published. Required fields are marked *