IPhone Zero Day Was found in nature that benefits from two vulnerabilities in the Mail application. ZecOps believes that at least one nation-state has purchased the exploit and uses it against several high-level targets.
Important points to remember
- These vulnerabilities exist since at least iOS 6 with the iPhone 5. All versions of iOS are vulnerable, including the latest update iOS 13.4.1.
- They were discovered in January 2018.
- Apple says there are fixes in the latest beta of iOS 13 and will make its way to a public iOS version in the near future.
- The exploit can be used remotely by an attacker sending emails using a large amount of device RAM.
In iOS 12, a specially crafted email causes a vulnerability with iOS MobileMail. On iOS 13, it uses the maild process. One of the vulnerabilities is zero-click, which means that no user interaction is required.
Researchers examined a number of their customers’ iPhones in 2019 after experiencing strange crashes with the default messaging app in iOS. They found that while the victim devices successfully received and downloaded the malicious emails, they were not found on the mail server, meaning they were removed by the attackers to hide their tracks. #
Whether the attack was successful or failed, the victim noted that the Mail application crashed on iOS 12. On iOS 13, a victim noticed nothing but a temporary delay from Mail. If the attack fails, the malicious email message displays the following message:
This message cannot be displayed because of the way it is formatted. Ask the sender to resend it with a different format or email program.
Further details may be found in the report.
[iPhone Factories in China Cut Workers Due to Drop in Demand]
[Pixelmator 2.5 Adds File Browser, Photo Browser, Image Size Presets]
For Latest News Follow us on Google News
- Show all
- Trending News
- Popular By week