{"id":12819,"date":"2020-04-23T09:00:30","date_gmt":"2020-04-23T16:00:30","guid":{"rendered":"https:\/\/www.privateinternetaccess.com\/blog\/?p=12819"},"modified":"2021-07-29T06:44:04","modified_gmt":"2021-07-29T13:44:04","slug":"zecops-discovers-current-ios-mail-app-vulnerability-that-has-been-exploited-in-the-wild","status":"publish","type":"post","link":"https:\/\/www.privateinternetaccess.com\/blog\/zecops-discovers-current-ios-mail-app-vulnerability-that-has-been-exploited-in-the-wild\/","title":{"rendered":"ZecOps discovers current iOS mail app vulnerability that has been exploited in the wild"},"content":{"rendered":"

A zero-click security vulnerability has been found that leaves hundreds of millions of iPhones and iPads vulnerable to remote code execution. The vulnerability affects iOS 13 through the MobileMail app. The same security vulnerability exists in iOS 12 through the maild app, but requires the target to click on the email. The security vulnerability allows an attacker to essentially take over your iPhone or iPad by sending a specific type of email that is then processed automatically by Apple\u2019s Mail App. This type of vulnerability is known as a heap overflow vulnerability. Apple is working on a fix that will be released with the next public update to iOS 13. In the meantime, iPhone and iPad users are vulnerable as it\u2019s impossible for the default Mail App daemon to be turned off without rooting your iOS device. The vulnerability was discovered by security firm ZecOps<\/a>. In their blogpost, they summarized the issue:<\/p>\n

\u201cThe vulnerability allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume significant amount of memory.\u201d<\/p><\/blockquote>\n

Mail App vulnerability has existed for years, and has been exploited in the wild<\/h2>\n

According to ZecOps, this Mail App vulnerability has existed since iOS 6 \u2013 at least. It\u2019s entirely possible that earlier versions of iOS were vulnerable to the same exploit, but the researchers haven\u2019t tested it. The earliest confirmed use of this exploit dates back to January 2018 and occurred on iOS 11. Users targeted with this attack wouldn\u2019t notice anything besides a temporary slowdown of their mail app. If the attack attempt fails, the iOS device would show the following error message:<\/p>\n

\u201cThis message has no content.\u201d<\/p><\/blockquote>\n

Which is a message that most iPhone and iPad users have seen before and are comfortable ignoring without being concerned. Based on their research, ZecOps is confident in saying that this vulnerability has been exploited in the past years and specifically noted that the following have been hacked due to this vulnerability:<\/p>\n