Flaw in iOS 10’s Revamped iMessage

PhishTrain
Oct 5, 2016 · 2 min read

A new flaw in iOS 10’s and macOS Sierra’s newly released iMessage has been discovered recently.

Apple’s newly released iOS 10 (Image courtesy of BusinessWire)

Cyber security researcher Ross McKillop discovered the security vulnerabilities of Apple’s new mobile operating system. The newly designed links of iMessage allow the user to see a brief preview of the website on the other end before clicking it. However, unlike other services that have website previews, such as Slack or Facebook, iMessage sends request from the owner’s phone itself, rather than through a service.

In turn, valuable data is being transferred between the user’s device and the website on the other end. Information such as IP addresses and hardware and software details are transferred.

McKillop notes the potential attack vector for hackers to use by exploiting iMessage’s new functionality.

As this request is clearly being made, and parsed, by Safari from the User-Agent string it’s reasonable to believe that there is potential that an exploit found in Safari could be triggered without the target even browsing to the site, simply by sending them an iMessage containing that URL.

Unfortunately, there is no rock-solid way to combat this issue if you are currently an iOS 10 or macOS Sierra user. Apple’s lack of using a VPN could be fixed in the future, but there is no definite date that this will be resolved by.

Apple’s new iMessage has not been free of scrutiny apart from this. Just a couple weeks after the new OS’s release dates, it was found that some personal information sent over iMessage is stored on Apple’s servers.

-Team PhishTrain

Written by

Stay up to date on all things phishing related! See what new updates we roll out too!

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade