This post was originally
published on April 23
Apple has launched the
best iPhone of 2020, but now millions of iPhone owners-both old and new-need to
be cautious because the company has just reported a huge iOS security hole that
affects virtually every iPhone on the planet.
A serious new iOS hack
affects virtually every iPhone, and has been running for years.
Ø Google Just Gave Millions of Users a Reason to Quit Windows
10
Ø One Cute Little iOS Trick Has Transformed How I Use My
iPhone
Ø Apple Watch Turns 5: Landmark Moments & What’s Coming
Next
Following the publication
of a shocking study by security company ZecOps (covered here by Forbes),
suggesting that any iPhone running an iOS 6 or newer version is vulnerable to
remote attacks, Apple has now acknowledged that the issue is genuine.
Apple has now gone one
step further in addressing this breach of security and it has met with a
controversial response. The company played down the findings of ZecOps in an
official statement, saying: "Apple takes all allegations of security
threats seriously. They have thoroughly investigated the study of the
researcher and determined that these concerns do not pose an immediate risk,
based on the information provided. The researcher detected three issues in
Mail, but they alone are inadequate to circumvent security protections for
iPhone and iPad, and we found no proof that they were used against customers.
These potential problems will soon be solved in an upgrade to the app. We
appreciate our work with security researchers to help keep our users secure and
will give the researcher credit for their assistance.
In response, ZecOps stood
by its report and issued its own answer disputing the assertion from Apple. It
wrote: "There were in-the-wild causes for this vulnerability on a few
organizations according to ZecOps data. We want to thank Apple for working on a
fix, and we look forward to updating our devices once it's available. ZecOps
will release more information and POCs once a fix is available." This
additional information would make it interesting to read once iOS 13.4.5 is
released. This story is apparently far from over.
And what are we up
against? What ZecOps has found is a significant flaw in Apple's iOS Mail
software that enables an intruder to hack an iPhone remotely and gain control
of its inbox. Furthermore, not only did ZecOps notice that the attacks can take
place without the knowledge of an iPhone user, but they have been taking place
for more than two years, with the first attack found in January 2018
afterwards.
Then there's another
kicker: ZecOps found the attacks on iOS 13 are easier to execute than previous
iOS generations. For instance, ZecOps explains that an attacker needs that the
iPhone user opens a malicious email with iOS 12. But with iOS 13, unassisted
can be activated simply from the opening in the context of the Mail app.
0 Comments