MacDailyNews

Flaw in iPhones, iPads may have allowed hackers to steal data for years

A software flaw which exists on iPhone, iPad, and iPod touch devices using Apple’s Mail app — discovered by ZecOps, a San Francisco-based mobile security forensics company — may have left more than half a billion iPhones vulnerable to hackers.

Christopher Bing and Joseph Menn for Reuters:

Zuk Avraham, ZecOps’ chief executive, said he found evidence the vulnerability was exploited in at least six cybersecurity break-ins.

An Apple spokesman acknowledged that a vulnerability exists in Apple’s software for email on iPhones and iPads, known as the Mail app, and that the company had developed a fix, which will be rolled out in a forthcoming update on millions of devices it has sold globally.

Apple declined to comment on Avraham’s research, which was published on Wednesday, that suggests the flaw could be triggered from afar and that it had already been exploited by hackers against high-profile users.

To execute the hack, Avraham said victims would be sent an apparently blank email message through the Mail app forcing a crash and reset. The crash opened the door for hackers to steal other data on the device, such as photos and contact details.

ZecOps claims the vulnerability allowed hackers to remotely steal data off iPhones even if they were running recent versions of iOS. By itself, the flaw could have given access to whatever the Mail app had access to, including confidential messages.

ZecOps found the Mail app hacking technique was used against a client last year. Avraham described the targeted client as a “Fortune 500 North American technology company,” but declined to name it. They also found evidence of related attacks against employees of five other companies in Japan, Germany, Saudi Arabia, and Israel.

MacDailyNews Take: Due to this nasty flaw, stop using Mail on your iPhone, iPad, and/or iPod touch for now, and as soon as iOS 13.4.5 and iPadOS 13.4.5 become available, update your devices!

Read more about this issue via ZecOps here.

[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]