Sign In
Create Account
Hi guys! This is the PoC for CVE-2016-1764, the vulnerability which was released last week for Apple iMessage. Messages (iMessage) for OS X from Apple, implements its user interface using an embedded version of WebKit, furthermore Messages on OS X will render any URI as a clickable HTML <a href= link. An attacker can create a simple JavaScript URI (e.g., java-script: ) which when clicked grants the attacker initial JavaScript execution (XSS) in the context of the application DOM. Though the embedded WebKit library used by Messages for OS X executes in an applewebda-ta:// origin, an attacker can still read arbitrary files using XMLHttpRequest (XHR) GET requests to a file:// URI since there is no same-origin policy (SOP) implemented. By abusing XHR to read files an attacker can upload a victim’s entire chat history and attachments to a remote server as fast as the victims Internet connect will allow; the only user interaction required is clicking on a single link in chat. Furthermore, if SMS forwarding is enabled the attacker can also recover messages sent to/from the victim's iPhone.
Welcome to NulledBlog
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an account for free today!
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an account for free today!
CVE-2016-1764 - Apple iMessage Exploit
Started By Metahuman, Apr 11 2016 04:43 PM
#1
Posted 11 April 2016 - 04:43 PM
-
Member
-
- Posts:
- 49
- Reputation:
- 3
- Joined:
- 18 Mar, 2016
Back to top
Report
#2
Posted 11 April 2016 - 04:47 PM
-
Addicted
-
- Posts:
- 171
- Reputation:
- 0
- Joined:
- 14 Apr, 2015
#3
Posted 11 April 2016 - 07:36 PM
-
Advanced Member
-
- Posts:
- 125
- Reputation:
- 0
- Joined:
- 20 Jul, 2015
thanks bro 
#4
Posted 15 April 2016 - 07:03 PM
-
₆⁶₆
-
- Posts:
- 32
- Reputation:
- 0
- Joined:
- 18 Feb, 2016
Thanks bro. Cheers.
#5
Posted 15 April 2016 - 07:20 PM
-
Drone Artist
-
- Posts:
- 125
- Reputation:
- 18
- Joined:
- 17 Mar, 2016
Yo, I probably won't ever use this, but after reading that, that's actually really smart yo. Good shit.
#6
Posted 16 April 2016 - 04:22 AM
-
Lurker
-
- Posts:
- 1
- Reputation:
- 0
- Joined:
- 16 Apr, 2016
Looks great, can't wait to check it out.
#7
Posted 16 April 2016 - 04:27 AM
-
New Member
-
- Posts:
- 10
- Reputation:
- 1
- Joined:
- 15 Apr, 2016
#8
Posted 16 April 2016 - 08:05 AM
-
Advanced Member
-
- Posts:
- 137
- Reputation:
- 4
- Joined:
- 02 Mar, 2016
check this miracle
#9
Posted 17 April 2016 - 03:31 PM
-
Advanced Member
-
- Posts:
- 129
- Reputation:
- 0
- Joined:
- 15 Apr, 2016
#10
Posted 18 April 2016 - 02:04 PM
-
Lurker
-
- Posts:
- 4
- Reputation:
- 0
- Joined:
- 09 Apr, 2016
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
