Detected a new Apple vulnerability, this time from iMessage

imessage_mac

The truth is that it is not being a good year for Apple, if we value it in terms of security. Perhaps the market requirements to have a new operating system ready each year are taking their toll. To date, these typical errors of new versions, if they were to affect, were related to bugs in daily work. Instead, For some time now, security problems are increasing.

On this occasion, the vulnerability can occur when we send an SMS from the iMessage application, using our iPhone as the sender, since someone could send SMS on our behalf. The alarm voice is made by the user Khaostian. Days ago, it had discovered a vulnerability affecting HomeKit and Apple confirmed the bug and proceeded to fix it. On that occasion, he initially complained about the lack of dialogue with those responsible for Apple, when communicating the finding.

On this occasion, the error arises the directory that associates the identity of a user in iOS. We discuss it in this article, since many users among whom I am, send SMS messages through the Mac. Khaos tian he discovered that a hacker can substitute for this person and send SMS to another person on their behalf, the latter thinking that the recipient is the original sender.

IMessage security flaw discovered

Although the system is prepared to detect the coincidence of the iCloud accounts that emits the message from the Mac to the iPhone, an intrusion can send this same message together with a specific instruction, which allows us to send said message without our intermediation.

We can be calm at this time, because in the words of the discoverer of the failure, Apple corrected this bug in record time. The discoverer of the failure communicated it to the company on December 15 and 16, this error was corrected on December 20. Once again, Apple is responsive, which we value positively. The discoverer of the failure went to the press, when he saw that Apple did not report anything about his discovery.


Be the first to comment

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.