Apple Publishes Workaround for Unicode iMessage Bug

Apple has quickly given iPhone users a workaround for a pesky iMessage bug that’s been making the rounds this week. The bug, which some users have dubbed a “text message attack,” has been frustrating many iPhone users since surfacing on Wednesday. It occurs when a user receives a text message tha...

Signal 2.0 Brings Encrypted Messaging to iPhone

The sanctity of Apple iMessage end-to-end encryption has been challenged by white hats who in 2013 reverse engineered the protocol behind it, revealing that Apple controls the key infrastructure and could, in turn, be compelled to turn over messages via government order. CEO Tim Cook denied those...

Apple Extends Two-Factor Authentication to iMessage, FaceTime

Apple extended two-factor authentication 2FA yesterday to its iMessage and FaceTime services, adding an extra layer of security to the popular iOS apps. The move, which Apple has taken to calling “two-step verification,” follows the company’s enabling of 2FA on its iCloud storage service back in...

CVE-2014-4353

Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent 1 iMessage or 2 MMS...

Race condition

Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent 1 iMessage or 2 MMS...

CVE-2014-4353

Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent 1 iMessage or 2 MMS...

CVE-2014-4353

CVE-2014-4353 describes a race condition in iMessage on iOS prior to 8 where attachments may persist after the parent iMessage or MMS is deleted, enabling potential information disclosure. Affected product: Apple iOS versions before 8; vulnerable component: iMessage attachment handling. Root caus...

Apple iOS < 8 Multiple Vulnerabilities

Binary data appleios80check.nbin...

Apple CEO Defends iMessage Security

Despite research published last year that demonstrated that Apple has the ability to decrypt users iMessages if it so chooses, Apple CEO Tim Cook said that the company does not hold the encryption key for those messages and couldn’t even produce the plaintext in response to a government order. In...

Dennis Fisher and Mike Mimoso Discuss Truecrypt, iMessage Security and More

Dennis Fisher and Mike Mimoso discuss the big stories of the last couple of weeks, including the grassroots effort to audit the TrueCrypt source code, the Apple iMessage security model and Yahoo enabling SSL by default. Download: digitalunderground129.mp3...

Unbreakable Apple's iMessage encryption is vulnerable to eavesdropping attack

Though Apple claims iMessage has end-to-end encryption, But researchers claimed at a security conference that Apple's iMessage system is not protected and the company can easily access it. Cyril Cattiaux - better known as pod2g, who has developed iOS jailbreak software, said that the company's...

Unbreakable Apple's iMessage encryption is vulnerable to eavesdropping attack

Though Apple claims iMessage has end-to-end encryption, But researchers claimed at a security conference that Apple’s iMessage system is not protected and the company can easily access it. Cyril Cattiaux - better known as pod2g, who has developed iOS jailbreak software, said that the company’s...

Apple iMessage Open to Man in the Middle, Spoofing Attacks

The Apple iMessage protocol has been shrouded in secrecy for years now, but a pair of security researchers have reverse-engineered the protocol and found that Apple controls the encryption key infrastructure for the system and therefore has the ability to read users’ text messages–or decrypt them...

iMessage Chat app for Android Worries Security Experts

UPDATE – Security experts and mobile developers are warning Android users to steer clear of an app purporting to be an Android version of Apple’s iMessage technology. The app has been pulled from Google Play according to a Google spokesperson, but it remains available on several third party sites...

Some iMessage Accounts Hit Hard by Mass Messaging, DoS Attacks

A handful of Apple developers have found their iMessage accounts the victim of what’s being loosely referred to as a series of denial-of-service attacks. Using rapid-fire AppleScript texts, attackers have been sending many messages at a time to about half a dozen iOS developers over the last week...

CVE-2012-3733

Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses i...

CVE-2012-3733

Affected product/technique. iOS prior to 6 with iMessage configured for multiple email addresses. Root cause. When replying to a message, the sender address could be different from the recipient address of the original, potentially allowing disclosure of alternate email addresses. Impact. Disclos...

iPhone SMS spoofing vulnerability disclosure-vulnerability warning-the black bar safety net

Vulnerability description: 4 days ago Pod2g issued a document to Never trust SMS: iOS text spoofin http://pod2g-ios.blogspot.com/2012/08/never-trust-sms-ios-text-spoofing.html The vulnerability can affect all iOS version including the latest iOS 6 beta 4 to. And cloth use the program:...