Critical vulnerability detected in Apple's Mail app: Details here
A critical security flaw has been flagged in the Mail app of Apple's iOS. The issue, first reported by San Francisco-based cybersecurity firm ZecOps, has reportedly been slipping through the cracks since iOS 6, which was released in 2012, and poses a major threat to the security of Mail and iPhone/iPad users, The Verge reported. Here's all you need to know about it.
All attackers have to do is send a malicious email
While ZecOps declined to share specific details of the flaw, it did emphasize that the flaw can be triggered by simply sending a malicious email. "The attack's scope consists of sending a specially crafted email to a victim's mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS 13," the firm's report said.
Remote attacks already being carried out
What makes this issue even riskier is the fact that Apple did not know about it for years, and attackers could have easily exploited the flaw without raising any alarms. In fact, ZecOps says that it believes with "high confidence" that the glitches in question here have already been exploited in targeted attacks carried out by an advanced threat operator.
Fortune 500 company employees involved in the attacks
Providing details of the attack, the security company says that at least six high-profile individuals, including an executive of a Japanese mobile carrier and employees of a Fortune 500 company, have been compromised via Mail app exploits. However, the firm did not share evidence of the exploit or the malicious code sent to trigger the vulnerability.
Apple will soon release stable fix for the issues
ZecOps says that Apple was informed about the flaws last month, following which the Cupertino giant released a patch with the beta release of iOS. The stable version of iOS' Mail app still remains unpatched, but it would be fixed in the coming weeks. For now, to protect yourself, install the latest iOS beta or disable the Mail app and switch to Gmail/Outlook.