SAN FRANCISCO, CA — (Marketwired) — 04/08/16 — Researchers from the cybersecurity consulting firm Bishop Fox and the Uber Security Team recently found a high-risk security issue in the Messages for OS X application from Apple.
The vulnerability allowed an attacker to steal a victim's message history in addition to any message attachments. These attachments could include personal photos, videos, and any other media ever sent by the victim.
“It would have been a devastating attack for anyone to experience,” said Joe DeMesy, a security associate at Bishop Fox who is one of the three researchers responsible for the finding. “Think about what you usually send to your friends and family via message. Private photos, personal information, all kinds of content you wouldn't want to fall into the wrong hands.”
An attacker could exploit this vulnerability by sending a malicious message to a victim, which could be manipulated to appear as if it came from a trusted source. The message would contain a link that, when clicked by the victim, would give the attacker access to the victim's messages and attachments almost instantly.
Also responsible for identifying the vulnerability were Shubham Shah, a senior security analyst at Bishop Fox, and Matthew Bryant, an application security engineer at Uber who previously worked at Bishop Fox.
The researchers disclosed their finding to Apple, and the parties worked together to quickly remediate the issue. Apple developed a patch, which can be found in the software update released by Apple on March 21, 2016.
“Apple was responsive from the start and kept the lines of communication open throughout the disclosure process,” said Carl Livitt, a partner at Bishop Fox.
If you are one of the many Messages for OS X users and have yet to update your software to the newest version, both Apple and Bishop Fox advise doing so immediately.
Additional technical information on how Bishop Fox found and exploited this vulnerability can be found , and demonstrates the attack in action. Please also see Apple's on the OS X El Capitan v10.11.4 and Security Update 2016-002 security update.
Bishop Fox is an independent cybersecurity firm that protects businesses from today's increasing security threats. Since 2005, the firm has provided assessment and penetration testing and enterprise security consulting services to the world's leading organizations.
Contact:
Amy Blumenthal
617-879-1511