Of all the vulnerabilities (already discovered or not) in the digital world, the most coveted by crackers and malicious agents are those that do not require interaction by the target, i.e. flaws that can trigger breakdowns of devices and systems without the user even noticing what is happening or taking any action. One of these flaws was recently discovered in iMessage.
The information is from PhoneArena: at the latest Black Hat security conference, held in recent days in Las Vegas (U.S.), Google Project Zero researcher Natalie Silvanovich revealed the discovery of a vulnerability in iMessage that could be exploited by simply sending a certain message. The receiver does not need to perform any action, not even open the application: once the string is received, the iPhone or iPad in question is vulnerable to intrusion.
The researcher said she had already notified Apple of the flaw a few weeks ago, and Apple has in fact fixed five other similar vulnerabilities detected in iMessage some time ago. It is not yet known, however, whether this specific flaw has already been corrected by the company.
Silvanovich explained that, overall, Apple has done a good job of protecting iMessage from vulnerabilities; the very expansive nature of the app, on the other hand, makes the job of keeping it 100% armored very complicated. The explanation: originally the app was a simple interface to send and receive SMS, but little by little it became a huge platform for the exchange of all kinds of content (text, multimedia, stickers, location, contacts and even money).
On top of this, integrating the application with third-party services through their apps makes it difficult to keep the environment fully protected at all times; after all, potential vulnerabilities are more likely to arise when there are more paths through which app communication flows. The vulnerability discovered by the researcher, incidentally, attacks iMessage's own logic of operation, which could make its repair a bit thornier for Apple.
We will, of course, keep an eye out for any news on this issue.
via Cult of Mac