Unpatched iPhone bug could allow hackers easy access into the proprietary Mail app

Cybersecurity startup ZecOps has discovered that an iOS loophole could allow hackers to mess with the Mail app in iPhones and iPads. iOS has been vulnerable to this bug since at least 2012 when iOS 6 came out. If it’s any solace, it seems like cybercriminals began exploiting the bug in 2018.

Additional vulnerabilities would provide full iPhone access to hackers

By exploiting the loophole, attackers can read, edit, and delete emails in the Mail app. Worst of all, users on the latest version of the iPhone’s operating system, iOS 13, are unlikely to notice anything unusual apart from a temporary slowdown at most. In some instances, failed attacks will result in an email that reads: "This message has no content."
To begin, attackers send an email to the victim. Once the email has been processed, the attackers delete it, which means they leave no traces in most cases. Meanwhile, the victim goes about their business, unaware that their mailbox is under constant attack.
Most of the time, no user input is needed to trigger the exploit, and in other cases, merely viewing the message is enough to allow nefarious actors to execute code.
Thankfully, hackers cannot engage in a mass exploit, as the bug requires a specifically crafted email for every target. Still, the vulnerability can put high-profile people at risk, and apparently, that’s already happening.
Per ZecOps, some suspected targets include employees of a Fortune 500 organization, executives from Swiss and Japanese companies, as well as MSSPs from Saudi Arabia and Israel. The firm also believes that a nation-state threat operator may be behind the attacks.
Apple is aware of the issue and plans to fix it with the rollout of iOS 13.4.5. Beta users of iOS 13.4.5 are already protected, so for now, other users might want to disable the Mail app and use an alternative instead.

