Zero-Day Security Flaw Allows Hacker To Hack Iphones With A Mail
Once Again a Bad News for Iphone users, A new security flaw is founded in default mail app installed by Apple in their devices. It is vulnerable by two vulnerabilities since the time of IOS 6 and currently 13.4.1 is latest update from Apple. The Hackers are spying from last 2 years on High Profile victims who had logged into vulnerable application and apple has no idea about this.
These security flaws allows hacker to remote control over the victims device by just send a mail without the user intervention. According to cybersecurity researchers at ZecOps, The Remote Code Execution (RCE) resides in MIME Libary of Apple’s vulnerable mail app. So the first flaw is caused due to out-of-bounds write bug and second was heap overflow issue.
Both Security Flaws are vulnerable in mail contents and the second flaw that is heap overflow issue is more dangerous as it can be exploit without any user interaction or without any click which is probably more dangerous.
“With very limited data, we were able to see that at least six organizations were impacted by this vulnerability – and the full scope of abuse of this vulnerability is enormous,” the researchers said.
“Besides a temporary slowdown of a mobile mail application, users should not observe any other anomalous behavior.”
ZecOps doesn’t mention that what type of malware can be used to attack on victims and exploiting those flaws with combination of other kernel issues can allows hackers to complete spy on their victims.
Patch is Not Released by Apple
After finding security flaws in Apple by Researchers were immediately reported to Apple Security Team before two months ago. and a new update was released last week of beta 13.4.5 of iOS which contains patches of both zero-day exploits. Once the beta version of 13.4.5 goes public and available for all devices will solve the problem
Till now, Apple users are strongly recommended to use other mailing apps like google and outlook at the place of Apple Default Mail.
0 Comments
Do Note send any spam link
Emoji