According to security researchers, the iOS mail app, which is the email client that can be found on most Apple iPhones and iPads, has a severe security flaw making it vulnerable to attacks. The report was published on 22nd April 2020 by ZecOps.
According to ZecOps, the vulnerability is widely exploited in targeted attacks by advanced threat operators. The company believes that at least six high-profile targets were victims, such as individuals from a Fortune 500 company in North America.
Make sure to disable the iOS Mail app (icon seen in the image) to protect your privacy and data.
How do attackers utilize the iOS Mail app security flaw?
- The attacker sends a targeted email to a victim’s email address.
- The email then triggers the vulnerability in the iOS Mail application on iOS 12 or iOS13.
According to ZecOps, the issue has been existing at least since iOS6, which was released in 2012.
Why is this security flaw so dangerous?
Simply, because you can be careful enough with your security and email hygiene, but with this vulnerability, you don’t need to download malware or visit an infected website. All the attackers need to do is remotely executing a code on your iOS device for the Mail app to receive the email and you to open the message.
What should you do if you use iOS Mail?
Take extra care: avoid using iOS Mail entirely. Most email client providers have their own applications. We suggest that you would switch to using those alternatives. Disable the iOS Mail app at least until there is no fix.
Is there a fix coming?
According to reports, ZecOps has reported the vulnerability to Apple, and the company has fixed it, and it is available in the new iOS update in the coming weeks.
Please remember always to update your iOS once there is a new update available.
- Subscribe to All Things Human Risk to get a monthly round up of our latest content
- Request a demo for a customized walkthrough of Hoxhunt