Identified by the security company ZecOps, this significant vulnerability, which has existed for years, concerns more than half a billion iPhones and iPads. Apple has indicated that a patch will be deployed in the coming days.
The iOS Mail application affected by a major security flaw
Based at San Francisco, the mobile security company ZecOps said it identified the flaw while investigating a sophisticated cyber attack on one of its customers late last year. Following this announcement, an Apple spokesperson admitted that a vulnerability existed for the application Mail, available on iPhone and iPad, and that a fix was being developed. According to the Californian firm, it should be deployed in the coming days in the form of an update.
Zuk Avraham, CEO of ZecOps, said that users targeted by hackers receive a seemingly blank email message through the app Mail, whose opening caused a crash followed by a reset of the application, through which the flaw was created. According to him, this vulnerability allowed hackers to steal different types of data (private messages, photos, contact details …) on iPhone and iPad targeted whether or not they use recent versions ofiOS.
Hundreds of millions of affected devices
Researchers from ZecOps said they based most of their findings on data from ” crash reports Generated when programs crashed in the middle of a task, which allowed them to recreate an approach causing controlled crashes. All versions of the softwareApple released since 2012 would be affected by this bug, which would represent hundreds of millions of millionsiPhone and D’iPad.
The security company believes that the recently detected vulnerability has undoubtedly been exploited for years by independent hackers as well as state agencies with a high technical level in cyber attack, and that it would have been used in particular to attack almost undetectable to public figures or VIP targets since 2018. Very rare in Apple, the company having built its reputation on the security of its devices, this type of flaw would be worth up to a million dollars on the black market.
While waiting for the release of the patch, it is obviously recommended to consult your emails via the applications Gmail or Outlook.