Apple Mail security flaw found that could have left your iPhone exposed for years
An security flaw in Apple Mail for iOS has reportedly been discovered, amid claims that it could have been present for many years.
Security research firm, ZecOps, published a report revealing a vulnerability that could affect iPhone and iPad users seems to have existed since 2012.
It claims that Apple Mail for iOS 6 (released with the iPhone 5) has exhibited the same security flaw as recently found in iOS 13.
The "zero-click" vulnerability essential allows an attacker to access personal data without the user's knowledge, by sending a single or series of emails that consume a significant amount of the phone or tablet's RAM.
"The vulnerability can be triggered before the entire email is downloaded, hence the email content won’t necessarily remain on the device," wrote ZecOps in its report.
It allegedly found the security flaw after several iPhone users reported unusual device failures.
As a zero-click vulnerability, Apple will not have previously known about the issue. But thanks to the security company's findings, Apple is in the process of rolling out a fix.
It has already enforced a patch as part of its April beta version of iOS. Indeed, if you are worried about the vulnerability, you can download the latest beta software yourself - or use an alternative email app.
"To mitigate these issues - you can use the latest beta available. If using a beta version is not possible, consider disabling the Mail application and use Outlook or Gmail that are not vulnerable," said ZecOps.
from Pocket-lint https://ift.tt/3avVYrt
via IFTTT
No comments: