Apple iOS Mail app flaw left devices open to hackers

Reports have surfaced indicating that Apple has a serious flaw in the Mail app that's on numerous iPhone and iPad devices. The bug was discovered by a security firm called ZecOps while investigating a sophisticated cyberattack against a client that took place in late 2019. During the investigation, ZecOps CEO Zuk Avraham said that he found evidence the vulnerability was exploited in at least six cybersecurity attacks. Apple has now acknowledged the vulnerability exists in software for email on both iPhone and iPad models.

An Apple spokesperson says that the company is working on a fix that will be rolled out in an update for the millions of devices sold globally. The research into the flaw was published this week, and Apple has made no comment so far. Avraham says the software was taking advantage of the flaw in iOS as far back as January 2018. The researcher claims to have been unable to determine who the hackers were.

The hack required victims to be sent what appeared to be a blank email through the Mail app that forced it to crash and reset. The crashed app opened the door for hackers to steal other data on the device like photos and contact details. The security firm claims that the vulnerability would allow the hackers to steal data from the iPhone device even if the iPhone is running recent versions of iOS.

The flaw in the Mail app could give hackers access to all information that the Mail app itself had access to, including confidential messages. Avraham suspects that the hack was part of a chain of malicious software that could give an attacker full remote access to the Apple device. The remainder of the malicious software remains undiscovered. Security researchers found evidence of related attacks against employees of five other major companies spread around the world. A recent iPhone 12 rumor claims the smartphone will continue without USB-C.