OS X Update fixes the JavaScript link vulnerability in iMessage.
At the end of last month, Apple fixed a major security vulnerability in iMessage. However, during the same round of software updates at that time, they also fixed another potential problem, the security experts explained the truth. Specifically, this vulnerability allows hackers to launch XSS attacks to OS X El Capitan users based on disguised JavaScript links. As shown in the redirected video, as long as you click the problematic link in Messages, your chat records and attachments will be automatically uploaded to the remote server.
This attack method is more common in browsers, but according to experts, it can also be brought into many other applications through engines such as WebKit. In any case, after upgrading to the latest OS X version, at least at present, this risk should have been reduced a lot. But even so, it is better to look at the link.
Reference Source: Bishop, Matthew D. Green (Twitter)
More messages: Apple Support
This article permanently updates the link address: