When in March Apple pushed out security updates for its many products, much attention has been given to a zero-day bug discovered by a team of Johns Hopkins University researchers, which could have allowed attackers to decrypt intercepted iMessages.

Another vulnerability (CVE-2016-1764) that affects the OS X Messages client has passed practically unnoticed, as its description simply said “clicking a JavaScript link can reveal sensitive user information.”

More details about the research developed by Bishop Fox researchers can be found in this Help Net Security piece – Bug in OS X Message Client Exposes Messages, Attachments