Verizon Messages (Message+) is a group of software clients available for mobile, desktop, and web allows users to send and receive messages across multiple types of devices.
He was able to force the anchor to cover the user’s entire screen with inline styles, the onmouseover event triggers immediately upon opening the message:
An attacker could control the page with a specially crafted text message, ending in a complete takeover of the user’s session and this will allow the controlling of any functionality, including sending and receiving SMS messages on the side of the victim.
Randy sent the PoC and screenshots/video of the security issue to Verizon. As always, they were quick to respond, appreciated the report, and patched the issue quickly.