Apple has patched a major vulnerability in iMessage that allowed attackers to pull a target's message history through a bogus link. Once clicked, the link pulled data from within the iMessage application and exported it to an outside source. Apple's larger security protections prevented the attack from installing malware or pulling data from outside the iMessage application, but it still represents a significant data breach for any user tempted by clicking on the bogus link.
Security Associate Joe DeMesy and Senior Security Analyst Shubham Shah are mentioned in this piece published by The Verge - iMessage Bug Exposed Target's Chat History After One Click
Read the original blog post on this research - co-authored with Uber's Matthew Bryant - here.