Apple has now denied that a shortcoming in its email app leaves half a billion users vulnerable to hackers
They were responding to publicity that a defect in its iPhone & iPad mail app may make their devices vulnerable to hackers.
iPhones and iPads
This claimed a problem in iPhones and iPads may have allowed hackers to take data from over half a billion devices for many years, maybe going back to Jan. 2018. The vulnerability which was discovered in San Francisco by ZecOps, appears to allows remote code execution capabilities & enables attacker to remotely infect the device through sending emails, that go on to take up a large amount of memory, warns the security firm.
Say researchers, these vulnerabilities lead to widely exploited targeted attacks by bad players to target VIPs, executive management across many industries, individuals from US Fortune 2000 companies, as well as the smaller organisations.
Apple has acknowledged that a vulnerability does exists in Apple’s software for email on iPhones & iPads, known as the ‘Mail app’, & that the company had developed a fix, which will be rolled out in a upcoming update of millions of its devices worldwide.
In a statement to the press, Apple said that it had thoroughly investigated the report & “based on the information provided & have concluded these issues do not pose an immediate risk to our users.”
“The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers,” the firm claimed.
Jake Moore, Cyber-Security Specialist at ESET, stated that when extremely unique attacks like this appear, it can be very distressing for both for the users & for the brand.
“Apple pride themselves on their security – and often mention that its on-board protection is sufficient. However, when exceptional hacks like this emerge, which have been immune for years, it is somewhat disconcerting at how easy it seems to have been to remotely ex-filtrate private data from Apple devices,” he cautioned.
“For complete remote access to occur under-the-radar, this flaw will most likely have been exploited for highly targeted attacks on high profile victims. Although this is a very professionally designed secret hack, it is unlikely that it was used en-masse. Some flaws are kept even further underground amongst cyber-criminals, who keep certain exclusive vulnerabilities to themselves, so that law enforcement & developers are kept in the dark – hence this particular defect has not been spotted for years.”
Chris Boyd, Lead Malware Intelligence Analyst at Malwarebytes, stated that any attack where no device owner interaction is required for tricks, is always threatening.
“What’s important when these attacks happen is how a vendor responds to the vulnerability & so it’s good to see Apple making moves to fix this. It appears the attacks may have been restricted to extremely specific targets, so although it sounds bad, regular iPhone users likely don’t have too much to fear from this,” he further advised.
It seems likely that this particular controversy may continue, because of its possible implications.