Serious Apple Mail zero-day security vulnerabilities found in the wild
According to a recent report by a cybersecurity firm based in San Francisco, Apple’s Mail app has two serious security flaws in default iOS and iPadOS mail app, the company ZecOps ran routine forensics on customer devices and found two vulnerabilities after digging further, the company has outlined the evidence of targeted attacks in a report on Wednesday.
The vulnerabilities allow an attacker to run remote code by exploiting Apple’s MobileMail and Mailid processes in iOS 12 and iOS 13, respectively, through the use of a specially crafted email. And, if triggered properly, a user wouldn’t know that they were being hacked.
At least six attack targets have been detected, including employees of major telecommunications companies in Japan, a major US company, various technology companies in Israel and two European entrepreneurs.
Upon further investigation, ZecOps learned that number of users were targeted with this flaw including the employees of Fortune 500 company in North America, a journalist in Europe, and a VIP in Germany. It was also discovered that the emails were deleted by the attackers in order to cover their footprints.
The vulnerabilities only impact the native Mail application, and not third-party apps. To mitigate the attacks, ZecOps recommends that users stop using Mail on iOS and iPadOS until a patch is issued. MacOS is unaffected.