Unpatched iPhone bug could allow hackers easy access into the proprietary Mail app
Additional vulnerabilities would provide full iPhone access to hackers
To begin, attackers send an email to the victim. Once processed, the email is deleted by them, which means they leave no traces in most cases. At the same time, the victim goes about their business, unaware that their mailbox is under constant attack.
Most of the time, user input will not be needed to trigger the exploit, and in other cases, only viewing the message will be enough to allow nefarious actors to execute code.
Thankfully, hackers cannot engage in a mass exploit, as the bug requires a specifically crafted email for every target. Still, the vulnerability can put high-profile people at risk, and apparently, that’s already happening.
Per ZecOps, some suspected targets include employees of a Fortune 500 organization, executives from Swiss and Japanese companies, as well as MSSPs from Saudi Arabia and Israel. The firm also believes that a nation-state threat operator can be behind the attacks.
Apple is aware of the issue and plans to fix it with the rollout of iOS 13.4.5. Beta users of iOS 13.4.5 are already protected, so for now, other users might want to disable the Mail app and use an alternative instead.