Apple iMessage service just like WhatsApp provides end-to-end encryption for all communications done through the app. As hackers couldn’t break Apple’s encryption they also had another option, which potentially allowed them to steal user’s private conversation history directly from the OS X client of the app. This exploit was recently discovered by researchers who reported it to Apple before revealing it publicly. Since then the iMessage vulnerability has been patched by Apple and user’s data is safe.
The hack involved sending the user a bogus link, which when clicked would pull data from the iMessage OS X client and upload it to the hacker’s server. The hack could only be activated after the user would click on the link, so to make sure that they would do that the hackers could mask the malicious URL with a familiar domain such as facebook.com or google.com. It is unclear whether the researchers Shubnam Shah, Joe DeMesy and Matt Bryant were the first ones to discover the vulnerability or if it was used by hackers prior to that. No evidence to support the later is available, yet.
It is good to know that Apple quickly patched the iMessage exploit so user’s data could be protected. A few days ago we also reported about the lockscreen vulnerability that allowed anyone to view photos and contacts stored on a locked iPhone using Siri. Since the hack involved Siri, Apple was able to patch that exploit from the server side without needing to release any software updates. (TheVerge)