[ad_1]
American security researchers at ZecOps have revealed a zero-day exploit in Apple Mail that the researchers say has been around since at least September 2012, the release date of iOS 6 and iPhone 5. According to the results of the investigation, all iOS versions since iOS 6 are affected by the vulnerability, including iOS 13.4.1. Earlier versions could also be vulnerable to vulnerability – ZecOps has so far simply not verified them. The results also show that attackers have been actively exploiting the vulnerability since January 2018 (iOS 11.2.2).
The vulnerability in Apple Mail leads unsuspecting users to malicious code on their iPhones, so that in the worst case, attackers can gain control over victims’ devices. This is accomplished by sending emails to memory-intensive iOS users that “overload” the device, so to speak. Errors are not enough for full control over end devices; attackers have to take additional measures for this. However, changing, deleting and publishing emails is quite possible.
Particularly worrying: According to ZecOps, iOS 13 users don’t even have to actively open mail; it is sufficient if the mail application is open in the background. With iOS 12, the exploit is only activated if malicious emails are also clicked, unless the attacker has previously gained access to the victim’s email server. Gaps are only closed in iOS beta 13.4.5.
