Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Everything you need to know about the iMessage security flaw patched by iOS 9.3

Glenn Fleishman | March 22, 2016
Security researchers discovered a number of weaknesses in iMessage's encryption system. Apple's patches are already slated to appear.

Has Apple fixed the problems?

Yes, Apple has fixed all the problems the researchers specifically identified through one set of updates performed quietly a few months ago, and another set that appear in iOS 9.3 and OS X 10.11.4. (We’ll discuss the specifics in a later update to this post.)

However, there are larger problems that the researchers identified that they recommend Apple fix, alongside more comprehensive disclosures to put more eyes on the problem and identify weaknesses.

Is this related to the FBI/DOJ court order?

No, although two things are absolutely likely. First, it’s likely that the National Security Agency and other governments’ code-cracking divisions were well aware of this. Despite the cleverness of the researchers’ approach, it’s low-hanging fruit that such departments would likely have probed and discovered.

Second, Apple may be bundling other security improvements to iMessage and other software in the latest iOS and OS X releases in advance of any potential change in U.S. law or ruling, as it isn’t under any publicly known order at the moment to halt its advances in security.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.