Zero-click, zero-day flaws in iOS Mail 'exploited to hijack' smartphones
ZecOps bods this week claimed the bugs are buried within the iOS Mail application, and can be abused to achieve remote code execution without the victim ever needing to open a booby-trapped message. The device just has to receive and process the incoming email, specially crafted to exploit Apple's programming blunders, and malicious code embedded in the message will be executed. This code can then potentially snoop on and meddle with the victim's online activities.
This is only for iPhones and iPads; MacBooks and iMacs are not affected.
The bugs have been present in iOS since version 6, released in 2012. ZecOps said it noticed hackers exploiting the weaknesses in January 2018 in version 11.2.2. Now they have determined iOS 13.4.1 and below are all vulnerable. iOS 13 is the latest major version officially available.
Our Federal Office for Information Security recommends uninstalling the Mail app on any iPhone and iPad and/or turning off the synchronization feature, and continuing to deal with your mail either via the web or on a desktop.
The suspected targets included:
- Individuals from a Fortune 500 organization in North America
- An executive from a carrier in Japan
- A VIP from Germany
- MSSPs from Saudi Arabia and Israel
- A Journalist in Europe
- Suspected: An executive from a Swiss enterprise