Apple’s nearly year-and-a-half old iMessage service has been found to be vulnerable to an attack that uses a flood of messages, or messages so long that the application is rendered unstable.
According to a report from The Next Web, a small group of developers have found themselves the target of an attack that does one of those things — sending what could be thousands of messages.
Newfound iMessage security issue spams
The source is suspected to be someone with involvement in pirated iOS software, who could have gotten some basic information needed to send another user a message through Apple’s messaging service, The Next Web says. That same individual (or group of individuals) is also said to be using throwaway e-mail accounts, making it difficult to trace it back or block future attacks.
CNET has contacted Apple for more information about the issue, and will update this post when we know more.
iMessage is Apple’s proprietary messaging platform used between iOS devices, as well as Macs, replacing the need to use text messages on the former. The feature was added in iOS 5, and into Mac OS X in version 10.8 Mountain Lion inside of the Messages app. Apple said in January that its users were now sending more than 2 billion messages on the services each day.
The exploit, which The Next Web says can be set up using AppleScript, comes on the heels of a security hole found on Apple’s password reset tool late last week. Apple took the service down for several hours before it was repaired.