Apple Email App Vulnerabilities Found in Over Half a Billion Devices
Apple Email App Vulnerabilities in iPhone and iPad were reported by ZecOps, a mobile security forensics company on April 20, 2020. These vulnerabilities have existed since the release of iPhone 5 in September of 2012. The vulnerabilities allows attackers to remotely infect a device by sending emails. Attacks inserted into emails can allow remote code execution by consuming device memory resources.
ZecOps also reported that attackers may have used these vulnerabilities against a Fortune 500 organization, “an executive from a carrier in Japan” and “a journalist in Europe”. It concluded that these attacks were conducted by “an advanced threat operator”.
Apple Debates Exploitation of Flaws
Although Apple has acknowledged the vulnerabilities, it has countered claims that that these flaws were exploited. An Apple representative was quoted by Reuters as stating that “these issues do not pose and immediate risk to our users”. A patch is planned to be released to remedy the issues. A beta update has already been released.
Possible Interim Security Measures
It can be surmised that if attacks are occurring that they will increase in frequency until patches are released. Therefore, it may be advisable to access emails on effected devices until the required updates are available. This news is unfortunately developing at a time when larger numbers of people are working remotely and are accessing business emails in a potentially unsafe manner.
Apple mobile devices have generally had a good reputation for security and are used by many businesses. There have however, been previous flaws that have exposed user data. Because no platform is free from such flaws business IT departments should carefully select email apps and protocols to protect vital data.
Studies have shown that a majority of businesses have not achieved a sufficient cybersecurity maturity level. This is especially distressing considering that the level of cyber attacks are growing and that businesses are primary targets. CVG Strategy is committed to helping businesses secure their vital data. We can assist businesses in establishing effective Information Security Management Systems (ISMS) through the implementation of ISO 27001. Contact us with your questions.