OS X Update Fixed JavaScript Link Vulnerability in iMessage

Late last month Apple fixed a major security flaw in iMessage, they also solve another potential problem in the software update. Specifically, the vulnerability can allow hackers to launch XSS attack to OS X El Capitan user only by disguised JavaScript links. As shown in the video, just click on the suspected link in Messages, your chats and attachments will be automatically uploaded onto the remote server.

Logically speaking, this kind of attack on the browser would be more common, but according to experts, by the WebKit engine, hackers can bring it into many other applications. Anyway, after the upgrade to the latest version of OS X, at least for now, this risk should have reduced a lot. But even so, it is best to avoid clicking those suspicious links.

Although the attacks focused on the iMessage client for OS X, but could work on any iPhone that had turned SMS forwarding on. So as always, make sure you have all of the latest updates installed, and double check links before blindly clicking on them.