iMessage vulnerability exposes iCloud photos
Researchers at Johns Hopkins University have discovered a vulnerability in Apple’s popular iMessage platform that allows an attacker to retrieve encrypted photos stored on iCloud, according to the Washington Post. The proof-of-concept attack works against an older version of iOS, but the researchers indicate that a hacker could attack modern versions of the OS using a modified version of their approach. Details of the attack weren't made available in order to give Apple a chance to patch the vulnerability today in iOS 9.3.
By mimicking an iMessage server on the same network as the target phone, the researchers were able to receive encrypted images and an obfuscated decryption key from the target device. With that data in hand, the researchers were able to brute-force the key by exploiting the fact that the vulnerable version of iMessage accepted and confirmed partially-correct keys. Eventually, the researchers were able to generate the correct key and retrieve the target image from iCloud. If the device were to stay on the compromised network long enough for the attack to be successful, the owner of the device would have no indication that the attack had taken place.