Apple iMessage Flaw Allows Remote Attackers to Read iPhone Messages

The Threat Post ^ | July 31, 2019 | By Tara Seals

[Swordmaker]

Remote exploitation can be achieved with no user interaction.

Five bugs in Apple’s iMessage service for the iPhone have been uncovered that require no user interaction to exploit, including one that would allow remote attackers to access content stored on iOS devices.

First discovered by Google Project Zero security researcher Natalie Silvanovich, Apple has fully patched four of the flaws as part of the 12.4 iOS update.

CVE-2019-8646 is the bug that allows an attacker to read files off a remote device with no user interaction. An exploit could leak the SMS database, binary files like images and more. Silvanovich has made a proof-of-concept public for the flaw.

[Swordmaker]

The headline is incorrect, it does not allow reading of iMessage, it does in some rare instances allow seeing some images. IMessages are encrypted and not readable with this potential exploit. In addition, the iMessage app is sandboxed from all other data and only data that has at sometime been transmitted by iMessage is potentially accessible by these exploits, so much of this is hyped. There is no way that other non-iMessage data can be revealed.

[Swordmaker]

Five flaws found in iMessage allows non-user interactive Man-in-the-middle access to the iOS device that could compromise access to the device. Four of these flaws will be closed with the release of iOS 12.4 and Apple is currently working on the fifth. —PING!

Thanks to Freepers Generally for the heads-up!

APPLE iOS SECURITY PING!

If you want on or off the Apple/Mac/iOS Ping List, Freepmail me.

[dila813]

lady friend had her ident stolen and realatives thought that she was asking for money, they used this to spoof her id to others somehow. it all started when she opened a message that disappeared as soon as she clicked on it.

Anyone else know someone?

[Innovative]

Too bad.

I hope Apple will hurry up and fix it.

[proxy_user]

What the hacker saw:

U there?

Who U?

I’m me

OK, LOL!

[proxy_user]

What the hacker saw:

U there?

Who U?

I’m me

OK, LOL!

[mass55th]

I have a friend who was targeted because of her Facebook account. She received a couple of calls from someone claiming to be her grandson. Fortunately, she's not drooling yet, and knew it was a hoax.

Haven't heard any stories of peoples' iPhones being hacked, or whatever it is they do to get access. I have an iPhone, and only use it to talk to people, mostly my kids. I don't access any of my personal online accounts with it. I don't even like the damn thing, or any cell phone for that matter.

[Swordmaker]

Not from my reading of the exploit potential. The most they might get is any images you may have sent in the recent past to the person you’re currently texting, or any recent exterior links to a website to that person. The current texts themselves are sent with 256 bit AES encryption, which is unbreakable.

[smokingfrog]

Hackers would not find my iMessages very interesting either.