CATEGORIES
home News

Apple iPhone Mail App Zero-Day Security Exploit Potentially Exposed Private Data Of Millions

by Brandon HillWednesday, April 22, 2020, 03:30 PM EDT
Apple iPhone XR
If you're an Apple iPhone or iPad owner that uses the native Mail app for emailing purposes (and that probably includes a marjory of iOS users), we have a word of caution for you. The folks over at ZecOps have uncovered a vulnerability in the app that is currently active in the wild, pending a fix from Apple.

According to a blog that ZecOps researchers posted today, the vulnerability is "widely exploited" and has primarily targeted "VIPs, executive management across multiple industries, individuals from Fortune 2000 companies" around the globe.

The exploit requires absolutely no user-intervention in iOS 13, and can be perpetrated by an email sent to a target while the Mail app is simply running in the background. Since the user doesn't have to click an email link, or even have the Mail app running in the foreground, it's being called a "zero-click" attack. Apple's latest iOS 13.4.1 is reportedly susceptible, as are all previous versions of the mobile operating system dating back to iOS 6. However, it appears that hat in-the-wild attacks weren't "triggered" until iOS 11.2.2 in January 2018.

An attacker can use this method to perform remote code execution on an iPhone/iPad by sending emails that will cause a memory crash. What's even more interesting is that the researchers indicate that the vulnerability "can be triggered before the entire email is downloaded, hence the email content won’t necessarily remain on the device."

The rather unsettling aspect about this vulnerability is that ZecOps claims that it has evidence that it has been actively exploited in the wild for at least two years. And although it's little consolation to businesses that have already been hit, Apple has reportedly fixed the vulnerability with the most recent iOS 13.4.5 beta which is currently in the hands of developers ahead of a public release.

Tags:  Apple, security, Zero-Day, (NASDAQ:AAPL)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment