According to a report published by the ZecOps company, the iOS and iPadOS version of the Mail application, preinstalled on all Apple devices, had major security vulnerabilities. This is what we learned last week, before Apple tries to minimize the situation.
The Cupertino firm spoke out on the subject, contacting Bloomberg reporter Mark Gurman, who was quick to share the statement on his Twitter account.
–
Apple takes all reports of security threats seriously. We have carefully studied it and, on the basis of the information provided, we have concluded that these problems do not pose an immediate risk to our users. The researcher identified three problems in Mail, but by themselves they are not enough to bypass iPhone and iPad security protections, and we found no evidence that they were used against clients .
As a reminder, the ZecOps report told us that the attacks, undetectable by the user and targeting the application, had increased in the last two years, and that it only took a simple modified email to hack the device.
The modified email would overload the phone memory, which only has the visible effect of crashing the app. The attack therefore requires neither malicious software nor fraudulent links to click on. Worse, ZecOps announced that this vulnerability of the application would be present since iOS 6, released in 2012. Even if the first attack detected would date from January 2018 (the iPhone and the iPad were then passed on iOS 11.2.2). Another problem: if previous versions of iOS required opening the email, on iOS 13 (the latest version), simply receiving the email in its inbox would be enough to trigger the attack.
Despite everything, Apple is preparing a patch, which should arrive with update 13.4.5, which is currently in beta phase.
–
