Advertisement

Report: Default Apple email app vulnerable to '0-click' attacks

Report: Default Apple email app vulnerable to '0-click' attacks
San Francisco-based cybersecurity firm ZecOps reported that Apple's default iOS email app has a security flaw making it vulnerable to attacks that don't require victims to click a link or download a file. Photo by Keizo Mori/UPI | License Photo

April 23 (UPI) -- Apple's default email app for iPhones and iPads contains a flaw that makes it vulnerable to hackers, according to a report by a San Francisco cybersecurity firm.

The report by ZecOps released Wednesday states that the Mail app -- which comes standard on products that run Apple's iOS operating system -- is vulnerable to "0-click" attacks. Such email-based cyberattacks are unique in that they don't require the victim to download a file or click an infected link.

Advertisement

"The attack's scope consists of sending a specially crafted email to a victim's mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS13," the report states.

ZecOps said the vulnerability allows hackers to remotely execute code on victims' devices and allows them to infect a device by sending emails that consume a significant amount of memory.

RELATED Apple unveils new, but familiar, iPhone SE

The firm added it believes attacks using the exploit has been used against six targets including individuals from a Fortune 500 company in North America, a Japanese mobile carrier and a journalist in Europe.

Victims of the exploit may notice a slowdown of the Mail application or sudden crashes but would not otherwise experience any anomalous behavior.

Advertisement

Failed attacks would result in an email with the message: "This message has no content." However, a failed attack may go unnoticed if the attacker is able to carry out a successful attack and delete the email.

RELATED Apple unveils mobility data tool to help prevent spread of COVID-19

The exploit was discovered in all tested versions of iOS from the current version of iOS13 to iOS6, which was issued when the iPhone 5 was released, the report stated.

ZecOps recommends that users disable the Mail app until a patch is available and said that other email applications available on iOS devices such as Outlook and Gmail do not share the vulnerability.

RELATED COVID-19: Apple, Google partner on Bluetooth contact tracing

Latest Headlines

Advertisement
Advertisement

Follow Us

Advertisement