Bishop Fox Researchers Discover Critical Vulnerability in Apple OS X Messages Application
The Bug, CVE-2016-1764, Was Patched by Apple Following Researchers' Disclosure
(firmenpresse) - SAN FRANCISCO, CA -- (Marketwired) -- 04/08/16 -- Researchers from the cybersecurity consulting firm Bishop Fox and the Uber Security Team recently found a high risk security issue in the Messages for OS X application from Apple.
The vulnerability allowed an attacker to steal a victim's message history in addition to any message attachments. These attachments could include personal photos, videos, and any other media ever sent by the victim.
"It would have been a devastating attack for anyone to experience," said Joe DeMesy, a security associate at Bishop Fox who is one of the three researchers responsible for the finding. "Think about what you usually send to your friends and family via message. Private photos, personal information, all kinds of content you wouldn't want to fall into the wrong hands."
An attacker could exploit this vulnerability by sending a malicious message to a victim, which could be manipulated to appear as if it came from a trusted source. The message would contain a link that, when clicked by the victim, would give the attacker access to the victim's messages and attachments almost instantly.
Also responsible for identifying the vulnerability were Shubham Shah, a senior security analyst at Bishop Fox and Matthew Bryant, an application security engineer at Uber who previously worked at Bishop Fox.
The researchers disclosed their finding to Apple, and the parties worked together to quickly remediate the issue. Apple developed a patch, which can be found in the software update released by Apple on March 21, 2016.
"Apple was responsive from the start and kept the lines of communication open throughout the disclosure process," said Carl Livitt, a partner at Bishop Fox.
If you are one of the many Messages for OS X users and have yet to update your software to the newest version, both Apple and Bishop Fox advise doing so immediately.
Additional technical information on how Bishop Fox found and exploited this vulnerability can be found , and demonstrates the attack in action. Please also see Apple's on the OS X El Capitan v10.11.4 and Security Update 2016-002 security update.
is an independent cybersecurity firm that protects businesses from today's increasing security threats. Since 2005, the firm has provided assessment and penetration testing and enterprise security consulting services to the world's leading organizations.
Embedded Video Available:
Contact:
Amy Blumenthal
617-879-1511
Themen in dieser Pressemitteilung:
Unternehmensinformation / Kurzprofil:
Datum: 08.04.2016 - 14:30 Uhr
Sprache: Deutsch
News-ID 462822
Anzahl Zeichen: 0
contact information:
Town:
SAN FRANCISCO, CA
Kategorie:
Hardware
Diese Pressemitteilung wurde bisher 189 mal aufgerufen.
Die Pressemitteilung mit dem Titel:
"Bishop Fox Researchers Discover Critical Vulnerability in Apple OS X Messages Application"
steht unter der journalistisch-redaktionellen Verantwortung von
Bishop Fox (Nachricht senden)
Beachten Sie bitte die weiteren Informationen zum Haftungsauschluß (gemäß TMG - TeleMedianGesetz) und dem Datenschutz (gemäß der DSGVO).
