Skip to main content
  1. Home
  2. Mobile
  3. Apple
  4. News

Apple just fixed an iMessage bug that researchers called easily exploitable

Lulu Chang
By

how to save text messages
Kritchanut/Shutterstock
Your chat history on iMessage just went through a period when it was not altogether safe, but now, all wrongs have been righted thanks to an OS X update. A major issue in iMessage was recently fixed by Apple, preventing hackers and other ne’er-do-wells from pulling victims’ message histories.

It turns out that, prior to the fix, hackers had the ability to send iMessagers special links that, when clicked, granted access to the otherwise encrypted messages sent between iPhone users. In fact, so simple was the vulnerability that security researchers at Bishop Fox said that, “You don’t need a graduate degree in mathematics to exploit it, nor does it require advanced knowledge of memory management, shellcode, or ROP chains.” But now, Apple has addressed the issue, and your correspondence is safe once more.

While the problem has been addressed, it does nothing for the security reputation of Apple, who has recently had their iPhone hacked by the FBI as well as by researchers at John Hopkins, who published their own findings on iPhone vulnerabilities just a few weeks ago. This latest hole was discovered by researchers Joe DeMesy and Shubham Shah of Bishop Fox, along with Matt Bryant of Uber’s security team. The trio told Apple before they told the public, and thus far, there’s no evidence to suggest that any iMessage user fell victim to an attack as a result from the security flaw.

According to VentureBeat, an iMessage attack of this nature would have relied upon “javascript code in place of an iMessage URL in a classic cross-scripting attack.” The vulnerability was addressed with the CVE-2016-1764 update, which went into effect last month, so users now have no reason to worry. Of course, any sort of security flaw within Apple generally causes some sort of ruckus, but the company has yet to respond to requests for comment. In the meantime, however, rest assured that the latest version of Apple’s software contains no such holes — so if you haven’t yet updated, hop to.

Editors' Recommendations

Video-editing app LumaFusion to get a Galaxy Tab S8 launch

A tablet featuring the LumaFusion video editing app.

CyberOne robot is Xiaomi’s answer to Tesla Bot

xiaomi cyberone humanoid robot cyber one

Watch NASA’s trailer for new show on highly anticipated lunar mission

NASA's SLS rocket on its way to the launchpad.

The best Disney movies on Disney+ (August 2022)

A scene from the Disney animated film Encanto, showing the family performing magic.

A League of Their Own review: A worthwhile reimagining

The Rockford Peaches stand together in their locker room in Amazon's A League of Their Own.

The best family movies on Disney+ right now (August 2022)

Buzz Lightyear in Lightyear.

Square Enix’s Avatar: The Last Airbender mobile game soft-launches today

Aang, Katara and Sokka ride Appa to the horizon with the "Avatar: Generations" logo overhead.

What does a check mark mean on Facebook Messenger?

A series of social media app icons on a colorful smartphone screen.

How does Hulu work? pricing, plans, channels, and how to get it

Hulu on Apple TV.

Razr 2022: Everything we know about Motorola’s next foldable

Official render of the Motorola Razr 2022.

Oppo’s latest Apple Watch clone has an important spec under the hood

Oppo Watch 3 and Oppo Watch 3 Pro

The best shows on Disney+ right now (August 2022)

Groot in I Am Groot,

This brilliant $150 device stuffs an entire PC into a keyboard

The Abacus PC with components all around.