Although Apple’s iOS platform is famed for being one of the most secure and safe platforms out there, reports recently surfaced that ZecOps researchers found a flaw in Apple’s Mail app. This security flaw allows attackers to infect iPhone and iPad devices with malware. However, according to Apple, there is “no evidence” that this flaw in the Mail app for iPhones and iPads has been used against customers. It added that the flaw does “not pose an immediate risk to our users”.
As reported by Reuters, after the security flaw was brought to light by ZecOps researchers, Apple admitted that the flaw was present in the Mail app for iPhones and iPads. It also said that it has a patch ready for the vulnerability, which will be released in an update for devices all across the world.
ZecOps mentioned in its report that it surmises with “high confidence” that these vulnerabilities found in the Mail app, especially the remote heap overflow, are being “widely exploited in the wild in targeted attacks by an advanced threat operator(s)”. As per the report, all the tested iOS versions are vulnerable, including iOS 13.4.1. These bugs had also been actively triggered on iOS 11.2.2 and potentially earlier. iOS 6 and above are also vulnerable. The ZecOps research team also stated that versions prior to iOS 6 might be vulnerable to the security flaw as well, but they haven’t analyzed the earlier versions yet.
However, after extensively investigating the report by ZecOps, Apple believes that the security issues do not pose any immediate danger to users. “The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers,” said Apple.
Moreover, Zuk Avraham, CEO of ZecOps, told Reuters that he found evidence that this vulnerability has been exploited by hackers in at least six cybersecurity break-ins. He also added that there is evidence that an attacker had been exploiting the vulnerability since January 2018. Avraham hasn’t responded yet to Apple’s statement.