Hackers Could Remotely Steal Chat History and Data from “Apple iMessage” service!

Are you an owner of Apple Products? If yes, you are in trouble. A major vulnerability has been found by security researchers in iMessage service of Apple. Hackers could steal all your personal information, personal pictures, personal videos and chat history remotely by exploiting this critical vulnerability. This vulnerability has been registered by the security researchers with (CVE-2016-1764).

Reason Behind it?

Hackers could exploit this vulnerability with through their social engineering skills. Hackers could steal all the personal info and chat by tricking the user of iMessage. Hackers are targeting iMessage users by spreading some links which are malfunctioned by them. When user clicks on that link, the hard coded Javascript of malware will run automatically in victim’s device and then it will steal all the information. It is possible because iMessage service of Apple is not integrated with sandboxing mechanism in a good way. So it is easy for hackers to run Malicious Javascripts inside program files of iMessage. Victim has no idea about it that his information has been stolen by the hackers.

How Hackers are Targeting Users?

Hackers are using a simple way. They are tricking the users to click on a URL, which is malicious. They are doing this by phishing and other social skills. They can also send short links and Hyperlinks to the users.

According to security researchers, “By exploiting this vulnerability hackers could directly affect Message Client of OS X. It is not possible for malware to effect the protocols used by iMessage, but the scripts used by hackers are capable to gain access of the iMessage program file. It is a client side process and hackers are exploiting client softwares used by Apple. The Apple Devices, which are using EI Capitan OS X, are most vulnerable to this attack. Only basic knowledge of Javascript is required to exploit this code, therefore hackers of low level could also exploit this vulnerability.

Conclusion

This bug was reported by security researcher in March 2016 and to fix this bug, Apple has released an update on March 21. If you are using apple devices, then update your iMessage software. This is a critical vulnerability which was effecting to both Desktop and Laptop devices. To fix this vulnerability new security features has been added by Apple into iMessage Software, which will automatically block all that hyperlinks, which contains Javascript.