A massive iOS security hole has been detected which can impact every iPhone in the world—both old and new.
Apple has confirmed the problem as real following the publication of a report from security firm ZecOps. The report claimed that every iPhone running a version of iOS 6 or newer is vulnerable to remote attacks.
The findings by ZecOps indicate that this is a serious eye-opening vulnerability running through 8 iOS generations (iOS 6 was released in September 2012).
ZecOps discovered a serious vulnerability in Apple’s iOS Mail app.
This vulnerability allows an attacker to remotely infect an iPhone and gain control over the user’s inbox.
These triggers have been happening for more than two years, with the first trigger detected in January 2018. In addition, ZecOps found that the attacks can happen without an iPhone owner’s knowledge.
The catch here is that the attacks are easier to perform on iOS 13 than previous generations of iOS. ZecOps explained that with iOS 12, an attacker requires the iPhone user to open a malicious email. But with iOS 13, it can be triggered unassisted simply from the Mail app being opened in the background.
ZecOps suggested disabling the Mail app and using a third-party app instead. ZecOps found both Outlook and Gmail are not vulnerable to the attack.
After this security hole came to the fore, Apple, on April 25, talked issued a statement on this security breach.
In an official statement, Apple understated ZecOps’ findings, saying: “Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance”.