Originally by Sami on April 22, 2020:
Their report says that it has found 6 main targets of the attack, ranging from employees of telecommunication companies in the US, Japan, Israel, and others. Despite finding the attack, they have not been able to look at the code itself. But what is the hack?
Typical email attacks require users to download a file, click a link and visit a website. This one just requires the user to open the email; once the email is opened, it’s deleted. Right now, if you are on the latest iOS beta, you are safe, as it seems to patch the exploit, but the latest public release does not seem to fix it. It’s no surprise it’s been fixed in the latest beta: Apple offers upwards of $1.5 million to people who find security issues in its systems, which allows the company to fix these things quicker.
Updated by Ethan H on April 23, 2020:
Yesterday, cybersecurity group ZecOps announced their discovery of a vulnerability that allows hackers to access an iPhone through the stock Mail app.
Now, jailbreakers are starting to realize that they are most at risk because they stay on lower firmware, where this vulnerability is very relevant: every version of iOS is currently vulnerable, starting all the way from iOS up to the latest public release.
Apple did patch this vulnerability in the latest iOS 13.4.5 beta.
So you’re probably saying “Well, what does this mean for jailbreakers & those with phones that are no longer supported?”
Your best bet is more than likely to just delete the stock Mail app altogether. Even though you have to actually open the email that contains it to be attacked by this vulnerability, it’s best to stay away from the app completely.
Also, we don’t know much about the level at which this vulnerability can be used, as stated by TARDISinScarlet on Reddit:
“Since no one is talking about this, this exploit only allows a hacker access to your emails. They say they suspect that paired with another exploit, this could possibly allow full kernel access, but this is entirely speculative and completely unconfirmed. Quite frankly, if what they suggest was possible, it’s very unlikely that you would be targeted by anyone with knowledge of this secret second exploit (or the first one until their POCs are released, for that matter).”
As far as we know, this only gives access to your emails, but without seeing a POC we don’t know how powerful it can be when paired with other exploits.
This page will be updated to show the most up-to-date news.