top of page
Search
Writer's pictureupdatedtechforall
Apr 24, 20203 min read

Apple’s built-in iPhone mail app is vulnerable to hackers, research says

Even if victims never saw or clicked on the malware, their phone could be taken over by sophisticated attackers.



Apple iPhone at risk of hacking through email app

A flaw in Apple's mobile operating system may have left millions of iPhone and iPad users vulnerable to hackers.

Research published by ZecOps, a mobile security firm, said a bug in the Mail app made devices susceptible to sophisticated attacks.

The firm said it had "high confidence" the bug has been used to exploited at least six high-profile victims.

An Apple spokesperson told Reuters a fix would be included in upcoming software updates.

In a statement, Apple said: "We have thoroughly investigated the researcher's report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers."

ZecOps reported the bug to Apple in March. The tech giant had not previously known about the issue.

To exploit this flaw, hackers would send a seemingly blank message to an iPhone or iPad users Mail account - the email app on iOS devices. When the email was opened it would crash the app forcing the user to reboot. During the reboot, hackers would be able to access information on the device.

What makes this attack different from other hacks is users do not need to download any external software or visit a website that contains malicious software (malware). Typically hacks require some action on the part of the victim - those steps make possible to trace the origin of the attack.

The researchers said the bug could be exploited even on recent versions of iOS.

ZecOps claimed it had found evidence that the bug was used to attack well-known targets including individuals from a Fortune 500 company in North America, an executive from a mobile carrier in Japan, employees of technology companies in Saudi Arabia and Israel, a European journalist and an individual in Germany. The firm would not disclose the identities of the victims.




Apple downplays iOS Mail app security flaw, says ‘no evidence’ of exploits




Apple has found no evidence that recently discovered security flaws in the native iOS Mail app were exploited by hackers, the company said in a statement. “We have found no evidence they were used against customers,” the company said. It also cast doubt on whether the issues, which it admitted were present on both the iPhone and the iPad versions of its Mail app, were enough to bypass the two devices’ security protections.

Apple’s response directly contradicts the claims of security researchers at ZecOps, who said that they’d found evidence of the exploit being used against at least six high-profile targets. The flaws allowed a hacker to infect a device simply by sending it a specially-crafted email and for the victim to open it. At the time ZecOps said it had “high confidence” that the vulnerabilities had been exploited in the wild by “advanced threat operator(s).”

“WE HAVE FOUND NO EVIDENCE THEY WERE USED AGAINST CUSTOMERS”

Apple said that the vulnerabilities, which ZecOps claimed date back as far as iOS 6, do not pose an immediate risk to its users and will be addressed in a forthcoming software update. When it originally disclosed the vulnerabilities, ZecOps said that Apple had already addressed the issues in the beta version of Apple Mail.

After the research company’s original report, some within the security community — including a researcher at Google’s Project Zero — questioned its claims that the issues had been exploited in the wild. ZecOps had said that unnamed targets included an executive at a mobile carrier in Japan and individuals from Fortune 500 companies in North America.






7 views0 comments

Comments

bottom of page