Researchers from ZecOps, a San Francisco-based cybersecurity company, have made public a bug in the default Mail app on iPhones and iPads that might make users vulnerable to hackers.
The firm reports that the security vulnerability, which has existed since at least the iPhone 6, can be exploited remotely when the attacker infects a device by sending an email that consumes a significant amount of the device's RAM. The email is not larger than regular emails in size but can still consume more RAM, the report warns.
How the vulnerability is exploited
The vulnerability is triggered when the attacker sends the infected email. On iOS 13, the attack can happen unassisted when the Mail app is opened in the background, while on iOS 12 it is triggered when the victim clicks and opens the email. Unassisted attacks on iOS 12 can also happen if the attacker has control over the mail server. The report warns that the victim might not notice anything out of the ordinary at first. The attacker will also cover their tracks once the attack is successful.
Who has been targeted
The firm is very confident that the security flaw has been widely exploited since it was first observed in the wild in early 2018. According to ZecOps, the attack has been largely directed at high-net-worth individuals from Fortune 500 companies in North America. Other suspected targets of the attack include a European journalist, executives from a Swiss company and a Japanese carrier, employees of Israeli and Saudi MSSPs, and a German VIP. The firm did not make the identity of the victims public.
According to Reuters, Apple has acknowledged the vulnerability and has promised to fix it in an upcoming security patch.