New iOS Vulnerability Could Allow Attackers to Crack Encrypted iMessage Attachments
By Symantec Security Response
CVE-2016-1788 is difficult to exploit, but within the capabilities of nation state attackers. Users are advised to update to iOS 9.3 to reduce the risk of attack.
Users of Apple devices such as the iPhone and iPad are advised to update to the latest version of the iOS operating system (iOS 9.3), following the discovery of a vulnerability that could potentially allow attackers to access and decrypt iMessage attachments.
iMessage is a built-in messaging system on devices running iOS. While its messages are encrypted, a team of researchers at Johns Hopkins University discovered a vulnerability (CVE-2016-1788) that allowed them to decrypt iMessage attachments.