[Update: Apple, in a statement to Bloomberg, said, “We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.”]
Apple has released an iOS patch that fixes a critical flaw that allowed hackers to gain access to your iPhone or iPad and your private data. This particular flaw left more than a billion iPhones at potential risk of exploitation by unauthorized users. The flaw was discovered only recently but is said to be present in iPhones dating back to iOS 6, which was launched in 2012.
The vulnerability was first discovered by ZecOps, a San Francisco-based cybersecurity firm that was looking into a security breach at the behest of a Fortune 500 company in North America. In a blog post, the company details the flaw, which could have been used by hackers for years now.
The default iOS Mail app, in this case, was found to be vulnerable and could be exploited by creating and sending a special mail that triggered the flaw, causing your iPhone or iPad to completely shut down. What’s also surprising about this security flaw is that the mail doesn’t need to be read by the receiver, so it qualifies as an unassisted attack.
ZecOps says that the security flaw can grant remote code execution (RCE) capabilities to intruders, who infect the device by sending emails. These emails aren’t large but are powerful enough to consume a lot of RAM, sending the device into a frenzy. This leads to a potential crash, after which the intruders can access the victim's private data and more. The attackers can also reset your iPhone, leaving all the data up in the air.
The company has revealed that this particular vulnerability has been triggered previously and the suspected target list includes people from a Fortune 500 company, a German VIP, security service providers in Saudi Arabia and Israel, a European journalist and an executive of a carrier company in Japan.
Apple has recently acknowledged the security risk and has issued a patch in the iOS 13.4.5 beta update, which is said to be rolling out publicly in the coming weeks. Until your iOS device is running the patched version, you can consider disabling the default Mail app on your iPhone or iPad and waiting for the latest iOS 13.4.5 update.