Security News > 2016 > April > Bug in OS X Messages client exposes messages, attachments (Help Net Security)

Bug in OS X Messages client exposes messages, attachments (Help Net Security)
2016-04-11 20:52

When in March Apple pushed out security updates for its many products, much attention has been given to a zero-day bug discovered by a team of Johns Hopkins University researchers, which could have allowed attackers to decrypt intercepted iMessages. Another vulnerability (CVE-2016-1764) that affects the OS X Messages client has passed practically unnoticed, as its description simply said “clicking a JavaScript link can reveal sensitive user information.” But on Friday more details about it have … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/9DQWIky-VE8/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2016-03-24 CVE-2016-1764 Information Exposure vulnerability in Apple mac OS X
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
network
apple CWE-200
4.3
4.3

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
X 24 3 31 7 7 48