Technology
iPhone vulnerability targets Apple’s iOS Mail app
A newly disclosed iPhone vulnerability gives hackers yet another reason to love email.
According to the San Francisco-based security firm ZecOps, bad actors have discovered a way to attack iOS devices via their default email app. And here’s the real kick to the guts: In some cases, you don’t even have to be tricked into opening the email. The damage is done simply by your phone downloading the malicious email in the background.
ZecOps published details of the vulnerability on Monday, claiming it has seen the attack “widely exploited in the wild.” In other words, ZecOps is saying this isn’t just some theoretical bug. Rather, people have actually used it in targeted attacks. The vulnerability affects, to some degree, every version of Apple’s operating system from iOS 6 and up.
“The vulnerability allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume significant amount of memory,” explains ZecOps. “The vulnerability can be triggered before the entire email is downloaded, hence the email content won’t necessarily remain on the device.”
Phones running iOS 13 are particularly vulnerable, as they reportedly don’t even need to open the email for it to do its work. If you’re running iOS 12, you’re a tad bit better off — you have to click the email first, but your phone is ultimately still at risk if you do so.
We reached out to Apple to both confirm ZecOps report and to determine when, if ever, it plans to issue a patch. Apple confirmed that a vulnerability in Mail is patched in the iOS 13.4.5 beta, which is out now, and will be included in an upcoming software update.
At present, assuming you’re not running a beta version of iOS, ZecOps says there is no way to prevent this attack other than to disable the default iOS mail app.
So, should you actually be worried about this? Well, that depends. Are you someone with valuable information that a nation-state might want a piece of? If so, then possibly.
Victims of this attack, claims ZecOps, include “individuals from a Fortune 500 organization in North America,” “an executive from a carrier in Japan,” “a VIP from Germany,” “[managed security service providers] from Saudi Arabia and Israel,” and “a Journalist in Europe.”
SEE ALSO: As coronavirus spreads, yet another company brags about tracking you
In other words, your average Joe doesn’t need to stress about this too much.
Still, it’s worth keeping in mind that no operating system is completely hack-proof. And yes, that even includes Apple’s. Oh yeah, and it also serves as a stark reminder that you should always make sure your phone is running the latest version of iOS — whether you’re an average Joe or not.
-
Entertainment7 days ago
WordPress.org’s login page demands you pledge loyalty to pineapple pizza
-
Entertainment6 days ago
‘Mufasa: The Lion King’ review: Can Barry Jenkins break the Disney machine?
-
Entertainment6 days ago
OpenAI’s plan to make ChatGPT the ‘everything app’ has never been more clear
-
Entertainment5 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment6 days ago
How to watch NFL Christmas Gameday and Beyoncé halftime
-
Entertainment4 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end
-
Entertainment4 days ago
‘The Room Next Door’ review: Tilda Swinton and Julianne Moore are magnificent
-
Entertainment3 days ago
CES 2025 preview: What to expect