Apple fixes critical iOS vulnerability that hackers used to steal private data for years

By Digit NewsDesk | Published on 24 Apr 2020
Apple fixes critical iOS vulnerability that hackers used to steal private data for years

Apple's default Mail app vulnerable to attacks

Apple issues patch in iOS 13.4.5 beta update

Apple to release public update soon


IBM Developer Contest

Take the quiz to test your coding skills and stand a chance to win exciting vouchers and prizes upto Rs.10000

Click here to know more

[Update: Apple, in a statement to Bloomberg said, "We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.”] 

Apple has released an iOS patch that fixes a critical flaw that allowed hackers to gain access to your iPhone or iPad and your private data. This particular flaw left more than a billion iPhones at potential risk of exploitation by unauthorized users. The flaw was discovered only recently but is said to be present in iPhones dating back to iOS 6 that was launched in 2012.

The vulnerability was first discovered by ZecOps, a San Francisco based cybersecurity firm who was looking into a security breach at the behest of a Fortune 500 company in North America. In a blog post, the company details the flaw that could have been used by hackers from years now.

Default iOS Mail app found at risk

The default iOS Mail app, in this case, was found to be vulnerable and could be exploited by creating and sending a special mail that triggered the flaw causing your iPhone or iPad to completely shut down. What’s also surprising about this security flaw is that the mail doesn’t need to be read by the receiver and is, therefore, a qualified to be called an unassisted attack.

ZecOps says that the security flaw can grant remote code execution (RCE) capabilities to intruders infecting the device by sending emails. These emails aren’t large but are powerful enough to consume a lot of RAM sending the device into a frenzy. This leads to a potential crash after which the intruders can access the victim's private data and more. The attackers also have the access to reset you iPhone leaving all the data in the air.

The company has revealed that this particular vulnerability has been triggered previously and the suspected target list includes people from a Fortune 500 company, a German VIP, security service providers in Saudi Arabia and Israel, a European journalist and an executive of a carrier company in Japan.

Apple has recently acknowledged the security risk and has issued a patch in iOS 13.4.5 beta update that’s said to be rolled out publically in the coming weeks. Till the time your iOS device isn’t running on the patched version, you can consider disabling the default Mail app on your iPhone or iPad and wait for the latest iOS 13.4.5 update.

Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry. Protection Status