Bishop Fox Blog

A space dedicated to sharing our thoughts on the latest cybersecurity news, trends, and threats

Subscribe

Subscribe to Blog via Email

Popular Posts:

If You Can't Break Crypto, Break the Client: Recovery of Plaintext iMessage Data

CVE-2016-1764, fixed by Apple in March of 2016, is an application-layer bug that leads to the remote disclosure of all message content and attachments in plaintext by exploiting the OS X Messages client. In contrast to attacking the iMessage protocol, it is a relatively simple bug. You don’t need a graduate degree in mathematics to exploit it, nor does it require advanced knowledge of memory management, shellcode, or ROP chains. All an attacker requires is a basic understanding of JavaScript.

1