Bishop Fox Blog

A space dedicated to sharing our thoughts on the latest cybersecurity news, trends, and threats

Popular Posts:

If You Can't Break Crypto, Break the Client: Recovery of Plaintext iMessage Data

CVE-2016-1764, fixed by Apple in March of 2016, is an application-layer bug that leads to the remote disclosure of all message content and attachments in plaintext by exploiting the OS X Messages client. In contrast to attacking the iMessage protocol, it is a relatively simple bug. You don’t need a graduate degree in mathematics to exploit it, nor does it require advanced knowledge of memory management, shellcode, or ROP chains. All an attacker requires is a basic understanding of JavaScript.

On Apple, Encryption, and Privacy: A Word About Decryption

In February 2016, Apple announced that it would fight the FBI’s court order to break the encryption of the iPhone of one of the San Bernardino attackers. We wrote a blog post on that decision; this is a follow-up to that original piece.

On Apple, Encryption, and Privacy

In the wake of news that Apple plans to oppose a federal court order to assist the Justice Department in decrypting data stored on an iPhone belonging to one of the San Bernardino attackers, a broader conversation about encryption, privacy, and law enforcement has begun.
