Apple prides itself upon its diligent efforts to maintain software that is secure. iOS is generally regarded as the most robust in defense against malicious intrusion and attack, but like any piece of software, it is far from perfect. From time to time, Apple’s mobile OS makes the headlines for the wrong reasons, and unfortunately, a claim by the Cupertino that email attachments are encrypted is refutable thanks to a glaring bug that has been lingering in the software for months.
When it comes to championing its own security, there are few that do it better than Apple. The claim that Macs weren’t susceptible to “PC viruses,” which was once plastered all over the company’s main site, had to be humbly removed when the Flashback fiasco hit the fan, and while Apple now suggests that email messages attachments are protected through encryption, a bug evident right the way back from iOS 7.0.4 to iOS 7.1.1 (the latest) is a slap on the face to that assertion.
Security specialist Andreas Kurtz has demonstrated the bug in detail, first creating an IMAP email account and then sending messages with attachments. From there, he closed down the device, but easily hacked into the file system and was able to read the attachments in plain text.
Worryingly, the tools he used to get the job done are fairly ubiquitous, so it’s not as though a potential hacker would need anything specialist or proprietary in order to access these supposedly encrypted files.
According to Kurtz, Apple has acknowledged the existence of the bug, although hasn’t given a date for when it will be fixed. Presumably, given the increase in blogosphere coverage, a remedial iOS 7.1.2 update will be forthcoming, although at present, there’s no way of knowing precisely when this will be.
With iOS 8 on the horizon and on the verge of the big reveal, we’re not expecting too many more iOS 7.x public releases, but when security is at stake, Apple always makes exceptions. If you don’t frequently deal with emails with attachments, then you needn’t worry too much for now, but at any rate, we’ll keep a close eye for any official announcement from Apple, and be sure to let you know of any critical developments.
You might also like to check out: