Cybersecurity startup ZecOps has discovered that an iOS loophole could allow hackers to mess with the Mail app in iPhones and iPads. iOS has been vulnerable to this bug since at least 2012 when iOS 6 came out. If it’s any solace, it seems like cybercriminals began exploiting the bug in 2018.
Additional vulnerabilities would provide full iPhone access to hackers
By exploiting the loophole, attackers can read, edit, and delete emails in the Mail app. And worst of all, users are unlikely to notice anything unusual on the latest version of the iPhone’s operating system, iOS 13, apart from a temporary slowdown at best. In some instances, failed attacks will result in an email that reads: "This message has no content."
To begin, attackers send an email to the victim. Once processed, the email is deleted by them, which means they leave no traces in most cases. At the same time, the victim goes about their business, unaware that their mailbox is under constant attack.
Most of the time, user input will not be needed to trigger the exploit, and in other cases, only viewing the message will be enough to allow nefarious actors to execute code.
Thankfully, hackers cannot engage in a mass exploit, as the bug requires a specifically crafted email for every target. Still, the vulnerability can put high-profile people at risk, and apparently, that’s already happening.
Per ZecOps, some suspected targets include employees of a Fortune 500 organization, executives from Swiss and Japanese companies, as well as MSSPs from Saudi Arabia and Israel. The firm also believes that a nation-state threat operator can be behind the attacks.
Apple is aware of the issue and plans to fix it with the rollout of iOS 13.4.5. Beta users of iOS 13.4.5 are already protected, so for now, other users might want to disable the Mail app and use an alternative instead.
Anam Hamid is a computer scientist turned tech journalist who has a keen interest in the tech world, with a particular focus on smartphones and tablets. She has previously written for Android Headlines and has also been a ghostwriter for several tech and car publications. Anam is not a tech hoarder and believes in using her gadgets for as long as possible. She is concerned about smartphone addiction and its impact on future generations, but she also appreciates the convenience that phones have brought into our lives. Anam is excited about technological advancements like folding screens and under-display sensors, and she often wonders about the future of technology. She values the overall experience of a device more than its individual specs and admires companies that deliver durable, high-quality products. In her free time, Anam enjoys reading, scrolling through Reddit and Instagram, and occasionally refreshing her programming skills through tutorials.
Recommended Stories
Loading Comments...
COMMENT
All comments need to comply with our
Community Guidelines
Phonearena comments rules
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: