Apple’s Stock Mail App Vulnerable to Attack – Here’s What you need to know.

Posted on by Jeremy Posted in Cyber SecurityTagged , , , , , , ,

KEY POINTS

  • Security researchers have recently identified two Apple iOS vulnerabilities that allow attackers access to data on your iPhone and iPad.
  • According to ZecOps, both vulnerabilities may have been exploited by malicious actors as early as 2018.
  • Apple addressed the vulnerabilities in the iOS 13.4.5 beta and will introduce the fix to the public, along with several new features, in the iOS 13.5 update (You can enroll in the Apple beta software program here).

For years, people have been under the false impression that iOS devices are unhackable. While Apple does have a good record of developing secure devices, anyone in the information security community will tell you that if it connects to the internet, it’s vulnerable to attack. In this week’s post, we’ll examine how attackers are exploiting vulnerabilities in the default iOS mail app and what you can do to protect yourself.

Security researcher ZecOps has identified two iOS vulnerabilities that affect devices running iOS 6 – iOS 13.4.1. These vulnerabilities allow attackers the ability to remotely access data from a victim’s iPhone or iPad and is believed to affect roughly 13.5 billion devices according to TechRepublic. In order to initiate the attack, the hacker simply sends an email containing malicious code to the victims device. When the victim launches Mail app, a trigger is launched and the malicious code is executed. The attack can also be initiated on devices running iOS 13.x without the victim launching Mail app, if the app is already running in the background.

*It’s worth noting that the two vulnerabilities only affect the Mail app. Third party email applications, such as Gmail, Yahoo, and Outlook, are not affected by this vulnerability.

The following measures can be taken to reduce the likelihood of an attacker exploiting this vulnerability on your device:

  1. Remove the Mail app from your device if you have not applied the iOS 13.4.5 beta patch. Removing the app does not delete your emails and, you can access your emails by using a third part email client such as Gmail.
  2. Install the iOS 13.4.5 beta.
  3. Install the iOS 13.5 beta (or iOS 13.5, which is expected to be released mid-May).

Need help securing your mobile device from malicious individuals? Send us a message and we’ll be glad to help! Also, don’t forget to subscribe to our mailing list to stay up-to-date with our latest post!

Additional Resources:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.