Bugs can be found from iPhone to leave iMessage's full text and attachments without decrypting

ByIphonedigital

Apple and FBI's iPhone decryption problem,FBI successfully unlocked its ownIt became convergence by doing it. after thatFBI rush to unlock iPhoneThere are many people who think that they want to see the contents of the iPhone, for example. Although it has been found that a special technique is required to unlock iPhone, even if it can not be decrypted, by checking a bug in the messaging application of Mac, it is possible for the iPhone A terrible method of stealing text and attachments of iMessage and SMS at once is released.

If You Can not Break Crypto, Break the Client: Recovery of Plaintext iMessage Data - Bishop Fox
http://www.bishopfox.com/blog/2016/04/if-you-cant-break-crypto-break-the-client-recovery-of-plaintext-imessage-data/

A demo that actually pulls out iMessage data can be seen from the following movie.

If You Can not Break Crypto, Break the Client - 8 April 2016 - YouTube


This information gathering method is based on "1: Hacker sends e-mail to victim" 2: Click victim's sent link "3: Attacker exchanges victim's message and attached documents, You will be able to see all the data. "


First of all we will send a javaScript feeder link to the target. For easy clicking, before the link "Hay, this is you, are you?" Message is attached, and the link itself is disguised as "www.facebook.com/photo.php".


This is the screen of victim's Mac message (iMessage) application. I am sending up-to-date reports and private photos to my friends.


A new mail arrived. After confirming it was mail from the attacker sent earlier. When the victim clicks on this link, JavaScript will be activated on iMessege.


When you return to the attacker's mailbox, you can see that the attachment is being sent from the victim.


It was a private picture that the victim was sending to a friend when clicked and opened.


Furthermore, the plain text of the victim has become to be able to see the whole sentence. When doing this method, you do not need professional mathematical knowledge etc, and if you know even the basics of JavaScript it is executable.


Mac message applications can be linked with iPhone. Since you can send and receive iPhone iMessage and SMS on Mac on Mac, if you break through the Mac's message application with this bug, you can also access the mails that are exchanged on the iPhone. Hurriedly, Apple has released a security update "CVE - 2016 - 1764" that can handle this bug. If you have not applied it yet, update it as soon as possible.

About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple Support
https://support.apple.com/en-us/HT206167