Apple iOS At Risk In Email Hack

cybersecurity iOS

People using the default email app on iPhones and iPads might have a zero-click software vulnerability that can be deployed remotely without user interaction.

The San Francisco-based cybersecurity startup ZecOps discovered several remote attacks during a routine iOS Digital Forensics and Incident Response (DFIR) check. The attack consists of sending an email to the victim’s mailbox, which triggers a vulnerability in the mail application. The sophisticated intrusions are difficult to detect in part because of Apple’s own security measures. 

“Based on ZecOps Research and Threat Intelligence, we surmise with high confidence that these vulnerabilities — in particular, the remote heap overflow — are widely exploited in the wild in targeted attacks by an advanced threat operator(s),” ZecOps said in a statement.

Targets of the attacks included executives from a North American Fortune 500 company; a Japanese airline executive; a German VIP; a European journalist; and Managed Security Service Providers (MSSPs) from Saudi Arabia and Israel, ZecOps said. The company also suspects that a Swiss executive was also targeted.

ZecOps didn’t attribute the attacks to a specific hacker but is aware of a “hackers-for-hire” group that sells “exploits using vulnerabilities that leverage email addresses.”

“We concluded with high confidence that it was exploited in the wild,” Zuk Avraham, the founder and CEO of ZecOps, told Motherboard. “One of [the vulnerabilities] we clearly showed that it can be triggered remotely, the other one requires an additional vulnerability to trigger it remotely.”

Dan Guido, the CEO of the New York cybersecurity firm Trail of Bits, that this type of vulnerability “is something you see so rarely on mobile devices and iOS,” since it is remote and deployed without the victims having to click on anything.

Apple is releasing a patch for the bug in an upcoming release of iOS 13.

As the coronavirus pandemic continues to roil the U.S. and the U.K., a wave of new cyberattacks appears to be taking advantage of the situation in both countries.