Researchers at John Hopkins University claim to have discovered a flaw in Apple’s encrypted messaging system that allows them to access private messages sent between individuals, The Washington Post reports.
The flaw worked on Apple customers using outdated versions of Apple’s operating system. Every iOS release increases security, but there will be plenty of customers using outdated software.
Researchers haven’t explained exactly how the attack was carried out, and won’t do so until Apple has fixed it. But they explained that they were able to repeatedly guess the numbers that form links for photos stored on Apple’s servers until they found the correct combination that allowed them to access the file.
Computer science professor Matthew D. Green said that the flaw could have been exploited by someone with a lot more computing power to access messages on newer versions of Apple’s software.
The security flaw comes as Apple battles the FBI over the strength of encryption in its smartphones. The company is fighting the US government’s demand to help unlock an iPhone linked to one of the San Bernardino shooters.
It was recently reported that senior Apple engineers could quit the company rather than be forced to help the government get into an iPhone.
Apple did not immediately respond to a request to comment, although it did provide The Washington Post with this statement:
Apple works hard to make our software more secure with every release. We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability … Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead.