Apple has another security issue on its hands with security group ZecOps sharing the news that two new vulnerabilities have been found in the Mail app in iOS 13. And to make matters worse, one of those vulnerabilities doesn’t need any input from the user for it to do anything.
The findings were shared on a ZecOps blog post with more information available there.
The most serious of the exploits affect users of iOS 12 and iOS 13 in their current state, although Apple has already fixed it in the latest beta build of iOS 13.4.5. We don’t know when that will be made available, but it’s likely that it will be sooner rather than later.
Worryingly, ZecOps says that it has found evidence that suggests both exploits have been used out in the real world, rather than just in a lab.
The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS 13. Based on ZecOps Research and Threat Intelligence, we surmise with high confidence that these vulnerabilities – in particular, the remote heap overflow – are widely exploited in the wild in targeted attacks by an advanced threat operator(s).
However, there is at least some good news. The security outfit notes that the emails needed to cause these kinds of problems are particularly large with service providers often blocking them as a matter of course. Not all will, though, leaving people potentially at risk.
Thankfully Apple already has the fix and just needs to make it available.
You may also like to check out:
- iPhone SE 2 2020 Screen Protector: Here Are The Best You Can Buy Today [List]
- Download: iOS 13.4.5 Beta 2 IPSW Links, OTA Update Along With iPadOS 13.4.5 Beta 2 Released
- Kodi 18.6 IPA APK Download For iOS 13 / iPadOS 13, Android Released
- Run Multiple 2 WhatsApp Accounts Number On 1 iPhone The Right Way, Here’s How
- Download: iOS 13.4.1 IPSW Links, OTA Update Released Along With iPadOS 13.4.1 Released
- Jailbreak iPhone 11 Pro Max With Unc0ver 4.0.0 On iOS 13.3 Now
- Checkra1n For Windows Alternative: How To Use Ra1nUSB For iOS 13.3 Jailbreak
- Jailbreak iOS 13.4.1 / iPadOS 13.4.1 Using Checkra1n, Here’s How [Guide]
- Downgrade iOS 13.4.1 To iOS 13.3.1 For Checkra1n Jailbreak, Here’s How
- Apple Watch ECG App Hack: Enable Outside US In Unsupported Country On Series 5 & 4 Without Jailbreak