Detecting extremely serious vulnerabilities that allow hacking iPhone just by sending email, victims who are not open are also attacked
According to cybersecurity researchers at ZecOps, the aforementioned vulnerabilities are related to out-of-bound write and remote heap overflow, one of which is the " zero-click "extremely dangerous, can be taken advantage of without any interaction from people who receive email.
Both remote code execution errors that are located in the email client's MIME library can be triggered while processing email content. These errors have existed for the past 8 years, since iOS 6 was released, and affect the latest iOS 13.4.1.
More worrying is that many hacker groups have been taking advantage of these errors for at least the past 2 years to target individual users working in various fields and organizations, MSSP different from Saudi Arabia. Saudi and Israel, to journalists in Europe.
" With a very limited amount of data, we were able to see at least 6 organizations affected by this vulnerability - and the scale of the impact was extremely large, " the researchers said. .
" Although ZecOps has not yet confirmed that these attacks have been carried out by a specific individual, we are aware that at least one 'mercenary hacker' organization is selling tools that take advantage of related vulnerabilities. email address ".

According to the researchers, it is difficult for Apple users to know whether they have been targeted by other cyber attacks, because hackers immediately deleted the malicious email after gaining remote access. victim's device.
"It is worth noting that, although the data confirming that the abused emails were received and processed by the victim's iOS device, the corresponding emails that should have been received and stored on the email server disappear. Therefore, we anticipate that these emails were intentionally deleted as part of the site cleanup plan after an attack, "the researchers said.
" In addition to a temporary slowing down of the mobile email application, users will not observe any other unusual behavior ."
After successfully exploiting the flaw, the hacker will run a malicious code alongside the MobileMail or Maild application, allowing them to " leak, edit, and delete emails ". However, to take full control of the device remotely, a hacker needs to combine it with another security hole in the system kernel.
ZecOps discovered the above vulnerabilities and attacks almost two months ago and reported it to Apple's security team.
So far, only the iOS 13.4.5 beta version that was released last week contains other security patches that address both of these zero-day vulnerabilities.
For iPhone and iPad users in general, they will soon receive a software patch in the upcoming iOS update. But in the meantime, it's best not to use the built-in email app, instead use Outlook or Gmail.
You should read it
- How to Block Email Addresses on iPhone
- How to add links to email signatures on iPhone and iPad
- How to save email as PDF on iPhone
- Instructions to hide email addresses on iPhone with virtual email
- How to use Spark application to manage email on iPhone
- How to set up automatically delete emails from blocked sender on iPhone
- iPhone is stuck with a dangerous security error
- Appearing fake email donated free iPhone 5S
May be interested
- What is Cc, Bcc email? How to distinguish?when sending an email (using gmail for example), if you pay close attention, we will see that there are 2 sections that are always displayed in the to (send to) section of cc and bcc. however, not everyone knows what they are, how they function and the differences between them. therefore, in the article below, tipsmake.com will partly help you answer those questions.
- How to Email Photos from a Cell Phonesending photos from a smartphone via email is quite easy. typically, you'll use two apps, one to browse your camera roll and one to send email. on your android phone, you can use the gmail and photos apps (or the photo gallery app you usually use to view photos on your phone). as for the iphone, we will use the mail and photos applications.
- How to turn off sending SMS messages on iPhonethe messages app on iphone has a feature that automatically sends imessages as sms. if you find this feature annoying, turn it off according to the instructions below from network administrator.
- How to fix iPhone email not updatingif your iphone email isn't updating, there could be a number of issues. these include incompatible system settings, software issues, differences in email protocols, etc.
- How to send email from Excel spreadsheet with VBA scriptsending emails from microsoft excel requires only a few simple scripts. add this function to a spreadsheet and you can really make the most of all features in excel.
- Fix common problems when email is not sentwhen encountering email errors when sending, you should carefully read the details of the error messages included in the email to find solutions. the following article will help you fix some of the most common errors.
- 4 tools to detect phishing emailsemail phishing is no longer as simple as it used to be. scammers are now tech-savvy criminals who leverage advanced tools to scam victims.
- Instructions for using email manager Nylas N1currently, almost everyone owns several different email addresses and as such, when checking email, they will have to open different email services and then log in each account will take a lot of time. therefore, the right solution here is to use the email manager on your computer, you only need to log in your email accounts, then every time you need to use, you only have to open the application to be accomplished.
- Send Email using PHPphp must be configured correctly in the php.ini file with details about how your system sends email. open php.ini available in the / etc / directory and find the section that starts with [mail function].
- How to add and delete Email accounts on Mac, iPhone and iPada user often has multiple email accounts such as personal email, work email, etc., and it is convenient to check all your email accounts on your computer and mobile device.