iMessage vulnerability exposes iCloud photos
Researchers at Johns Hopkins University have discovered a vulnerability in Apple's popular iMessage platform that allows an attacker to retrieve encrypted photos stored on iCloud, according to the Washington Post. The proof-of-concept attack works against an older version of iOS, but the researchers indicate that a hacker could attack modern versions of the OS using a modified version of their approach. Details of the attack weren't made available in order to give Apple a chance to patch the vulnerability today in iOS 9.3.
By mimicking an iMessage server on the same network as the target phone, the researchers were able to receive encrypted images and an obfuscated decryption key from the target device. With that data in hand, the researchers were able to brute-force the key by exploiting the fact that the vulnerable version of iMessage accepted ...