The iOS exploit in the discussion is being used by hackers since 2018 but it existed since 2012.
Just yesterday it was reported that alleged Chinese state-sponsored hackers have been exploiting a critical vulnerability in iOS to spy to Uyghurs Muslim minority in China. Now, in a new report published by security firm Zecops, it has been found out that a bug in iOS is being exploited by hackers since at least January 2018.
Termed as a zero-day exploit; the vulnerability exists in the default iOS mail app allowing the exploit to run when users open the app or even when a specially crafted email for this purpose is received without any interaction by the user in some cases.
See: Fake Coronavirus apps hit Android & iOS users with spyware, adware
According to the researchers, “the vulnerability allows to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13),” with 6 of the victims identified by Zecops believed to be high profile ones:
Individuals from a Fortune 500 organization in North America
An executive from a carrier in Japan
A VIP from Germany
Managed Security Service Providers(MSSPs) from Saudi Arabia and Israel
A Journalist in Europe
Suspected: An executive from a Swiss enterprise
If the attackers managed to be successful, they can potentially leak, delete, or modify the emails which can have serious consequences.
Moreover, if they managed to get their hands on an “additional kernel vulnerability,” this can ..
Support the originator by clicking the read the rest link below.
