Hi guys! This is the PoC for CVE-2016-1764, the vulnerability which was released last week for Apple iMessage. Messages (iMessage) for OS X from Apple, implements its user interface using an embedded version of WebKit, furthermore Messages on OS X will render any URI as a clickable HTML <a href= link. An attacker can create a simple JavaScript URI (e.g., java-script: ) which when clicked grants the attacker initial JavaScript execution (XSS) in the context of the application DOM. Though the embedded WebKit library used by Messages for OS X executes in an applewebda-ta:// origin, an attacker can still read arbitrary files using XMLHttpRequest (XHR) GET requests to a file:// URI since there is no same-origin policy (SOP) implemented. By abusing XHR to read files an attacker can upload a victim’s entire chat history and attachments to a remote server as fast as the victims Internet connect will allow; the only user interaction required is clicking on a single link in chat. Furthermore, if SMS forwarding is enabled the attacker can also recover messages sent to/from the victim's iPhone.
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an account for free today!

CVE-2016-1764 - Apple iMessage Exploit
#1
Posted 11 April 2016 - 04:43 PM

#2
Posted 11 April 2016 - 04:47 PM

#3
Posted 11 April 2016 - 07:36 PM

thanks bro
#4
Posted 15 April 2016 - 07:03 PM

Thanks bro. Cheers.
#5
Posted 15 April 2016 - 07:20 PM

Yo, I probably won't ever use this, but after reading that, that's actually really smart yo. Good shit.
#6
Posted 16 April 2016 - 04:22 AM

Looks great, can't wait to check it out.
#7
Posted 16 April 2016 - 04:27 AM

#8
Posted 16 April 2016 - 08:05 AM

check this miracle
#9
Posted 17 April 2016 - 03:31 PM

#10
Posted 18 April 2016 - 02:04 PM

0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users