Find a Question:
Messages service for OS X contains vulnerability that poured out messages
The Messages service for OS X contains a vulnerability, which made it possible to get the entire file and call history from a user to click on this link. Apple in March distributed a patch to plug the leak.
Messages Because no same-origin policy applies were there with a malicious script via XHR be called GET request certain files. To get the file and call history when it was necessary to identify the user name under which it was registered in OS X. On this basis, the attacker could generate the full path to the IM database. According to the researchers, however, this was not a problem as the logged in user could be easily retrieved from the OS X application sandbox. In this way, it was possible to send the entire file and conversation history to a chosen server.
If it was activated automatic forwarding of SMS messages could be traced also the history of an iPhone this xss attack. It was not possible for example to install malware via this way. The code of the corresponding exploits by the researchers available soon GitHub and no indications were that the vulnerability is actually used by attackers.Viewing:-171
Answer this Question
You must be Logged In to post an Answer.
Not a member yet? Sign Up Now »
Star Points Scale
Earn points for Asking and Answering Questions!