Menu
Apple admits to widespread iOS Mail security threat but claims no ‘immediate risk’

Apple admits to widespread iOS Mail security threat but claims no ‘immediate risk’

Fix coming 'soon'

Credit: Dreamstime

After a security firm uncovered a flaw in Apple’s iOS Mail app that “allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume significant amount of memory,” the technology giant is assuring users that it doesn’t pose an immediate risk.

In a statement to the market, Apple assured users that the protections in place on iPhones and iPads are strong enough to mitigate any potential risk. “The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections.”

In its findings, security researcher ZecOps said the flaws “would allow the attacker to leak, modify, and delete emails.”

Users who were the recipient of “failed attacks” might see emails displaying the fairly common, “this message has content” warning. Affected users wouldn’t notice any changes on their device other than “a temporary slowdown” of the Mail app, ZecOps said. The flaws existed since iOS 6, the company says.

While the flaws were “triggered in-the-wild,” according to ZecOps, it said the bugs alone “cannot cause harm to iOS users – since the attackers would require an additional infoleak bug & a kernel bug afterwards for full control over the targeted device.” In its statement, Apple said it has “found no evidence they were used against customers.”

Apple said the vulnerabilities will be addressed in an upcoming software update and has already provided a beta patch in IOS 13.4.5 that ZecOps confirms fixes the issue. If you want to install the patch before its public release, you can join Apple’s iOS Public Beta program.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Appleios

Events

SustainTech

Join key decision-makers within Environmental, Social, and Governance (ESG) that have the power to affect real change and drive sustainable practices. SustainTech will bridge the gap between ambition and tangible action, promoting strategies that attendees can use in their day-to-day operations within their business.

EDGE 2023

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.

WIICTA 2023

ARN has celebrated gender diversity and recognised female excellence across the Australian tech channel since first launching WIICTA in 2012, acknowledging the achievements of a talented group of female front runners who have become influential figures across the local industry.

ARN Innovation Awards 2023

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

Show Comments