According to a new report out this evening, Apple had a security problem with iMessage but provided a fix in iOS 9.3 and OS X 10.11.4, which shipped in March 2016. The discovery of the problem was discovered by a team of researchers from the Johns Hopkins University led by Christina Garman, a team which also included famous cryptography expert Matthew Green. Since that time Apple added a series of short and long-term defenses to the iMessage protocol. Apple was made aware of the problem as early as November 2015.
Since then, Apple has been pushing mitigations recommended by the researchers through monthly updates to several of its products. Most of the repairs were included in iOS 9.3 and OS X 10.11.4, which shipped in March 2016. The problem could have only been hacked by state-sponsored level actors, the report noted.
A full list of short and long-term mitigations that researchers proposed could be found in their researcher paper called Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage, in section 7. You could access the paper/PDF here. The paper was made public earlier this week at the USENIX Security Symposium, Austin, Texas. You could also read more on this story here.
About Making Comments on our Site: Patently Apple reserves the right to post, dismiss or edit any comments.