data security

Hackers can just send emails and breach into your iPhones and iPads

Apple iPhones and iPads come with a default email app called ‘Mail’, which has become another zero-day topic for today. Security researchers from ZecOps have detected two new critical vulnerabilities that are actively being exploited in the wild. The hackers have just to send out an email to the targeted user account and boom they are inside your Apple devices. 

According to ZecOps, these vulnerabilities are remote code execution flaws in the app’s MIME library, the first vulnerability is because of the out of bounds write issue and the second is for a heap overflow. Although users’ actions are intended for the first vulnerability, the second one can be exploited with zero actions from the victim, delivering the mail to the inbox will be all sufficient to breach into user devices.

Six organizations become victim to this vulnerability

Security researchers believe this attack is existing in the app for almost 8 years now, and has been affecting iOS 6 and iOS 13.4.1 version, the recent one. Considering apple is yet to release a patch for these critical vulnerabilities, the situation is little serious. Additionally, multiple hacking groups are already taking advantage of these zero-days to target high profile individuals, industries, organizations, MSSPs, and MSP from Saudi Arabia, Europe and Israel.

Source: ZecOps

ZecOPs researchers have identified six organizations have become victim to this vulnerability exploitation in the wild, and that is only based on the data that they had, and the situation could actually be even worse.

What is even more scary about this vulnerability?

Hackers just need an email id to get inside your Apple device using the email app vulnerability, however if the victims are looking to identify anything fishy on their inbox, the email sent for breaching the device can be deleted as soon as the hacker has successfully breached the device. Victims will experience an unknown crash of the email app once the hack is achieved. After hackers are inside the device, the can remotely do anything, including stealing, encrypting, modifying and deleting of the devices. This is because, hackers can deploy other malware into the system, and also spread across a network using a kernel vulnerability, if present.

Source: ZecOps

How to fix these zero-day vulnerabilities?

The recently released version of iOS 13.4.5 version holds the fix for these vulnerabilities, so please update to the latest version of iOS if the update is shown in your devices. Moreover, for other versions of iOS, patches will be available soon, so please ensure your email app is updated first before others. The ZecOps researchers have already reported these flaws to Apple, and the patch could be available anytime soon. IT managers, please ensure you set a reminder for these zero-day vulnerabilities and deploy them as soon as it is made available.

However, until the patch gets released, it is better to use other mail apps. 

It is not even a day, since we discussed about IBM’s four new zero-day vulnerabilities, and here is Apple with another two zero-days. Please deploy the patches as soon as they are made available.

Note: macOS is not vulnerable to these vulnerabilities, these are pertaining to iOS only.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on FacebookLinkedinInstagramTwitter and Reddit

Share the article with your friends
William Marshal

William has been one of the key contributors to 'The Cybersecurity Times' with 9.5 years of experience in the cybersecurity journalism. Apart from writing, he also like hiking, skating and coding.

Recent Posts

Best Microsoft Intune Alternatives: Top 5 MDMs to Consider

Explore the top 5 best Microsoft Intune alternatives, comparing key features, user reviews, and capabilities…

1 day ago

Top 7 Best Smartphones with Best Security Features in 2024

Discover the top 7 smartphones of 2024 with best security features, offering privacy, performance, and…

3 weeks ago

Top 11 Log Management Tools for Efficient System Management

Discover the top 11 log management tools for efficient system management and monitoring. Learn about…

2 months ago

Top 5 Threat Intelligence Tools For 2024

Explore the top 5 threat intelligence tools, their features, and how they enhance cybersecurity against…

2 months ago

Privileged Access Management: 5 Best PAM Solutions in the Market

Explore the top 5 best PAM Tools, market trends, and expert insights to secure the…

2 months ago

Apple Device Management: Top Solutions for iOS and macOS Management

Explore the top solutions for Apple Device Management including to iOS Device Management and macOS…

2 months ago