Two Zero Day Flaws Impact More Than Half A Billion iOS Devices


Apple has always patted itself on the back when it comes to the security its devices offer. However, today, security researchers have discovered two new zero-day flaws in the default mail app on more than 2 billion iPhones and iPads.


Security researchers at ZecOps have revealed two zero-click, zero-day flaws that could have been used by hackers to compromise high-profile iPhone users simply by sending an email to them. The first vulnerability is an out-of-bounds write bug, whereas the second flaw is a heap overflow issue as per a report by the researchers.

To exploit the bugs, an attacker needs to send a specially crafted email that consumes a significant amount of memory, forcing the app to crash and reset. The attacker could then take control of the target iOS device remotely to steal information.


Notably, the second bug is a zero-click bug, meaning that hackers can target a victim without requiring any user interaction. This makes it even easier to exploit. Moreover, the user won’t notice any suspicious behavior while the flaw is being exploited.





Security researchers further said that they have found the flaws affecting even older iOS versions, as old as iOS 6. The flaws have been actively exploited in the wild to target VIP users including:


Employees of Fortune 500 companies in North America
A journalist in Europe
A VIP from Germany
MSSPs from Saudi Arabia and Israel
An executive working at Japan’s carrier company
An executive working at a Swiss company

Apple has been informed about the critical zero-day flaws, and the iPhone maker is already testing an iOS beta update containing the fix. The company is e ..
