Report: iPhone’s native Mail app has an eight-year-old security flaw

Researchers from a cybersecurity startup in the U.S. have published a report claiming that the Mail app in iOS has a serious security flaw that hackers can exploit. The exploit has apparently been around since 2012 on iOS 6, and is still present in the current official iOS version from Apple.

The vulnerability was first noticed by ZecOps when dealing with random crashes on the iPhones of their customers. Having investigated the issue, the researchers notified Apple—who have reportedly patched the vulnerability in the latest iOS beta release.

While an update could be coming soon, this means that current iOS users could be vulnerable to hackers via remote code execution capabilities—all without having to download anything. The way it works, perpetrators send disguised emails to victims which, when opened, infect the victim’s machine.

“Based on ZecOps Research and Threat Intelligence, we surmise with high confidence that these vulnerabilities – in particular, the remote heap overflow – are widely exploited in the wild in targeted attacks by an advanced threat operator(s).”

However, it’s worth noting that ZecOps did not provide much in the way of hard evidence, saying that the infected email messages were remotely detonated. The report also alleges that a string of prominent individuals, including individuals from a Fortune 500 country, a VIP from Germany, and so on. While the names aren’t revealed for privacy purposes, “A Journalist in Europe” is a little vague.

To stay protected, ZecOps says that you should disable the native Mail app in iOS, and use an alternative instead. When the update is available, users are advised to update as soon as possible.

“To mitigate these issues—you can use the latest beta available. If using a beta version is not possible, consider disabling Mail application and use Outlook or Gmail that are not vulnerable.”

Or, y’know, you could switch to an Android phone.

[ SOURCE ]