Detecting extremely serious vulnerabilities that allow hacking iPhone just by sending email, victims who are not open are also attacked
According to cybersecurity researchers at ZecOps, the aforementioned vulnerabilities are related to out-of-bound write and remote heap overflow, one of which is the " zero-click "extremely dangerous, can be taken advantage of without any interaction from people who receive email.
Both remote code execution errors that are located in the email client's MIME library can be triggered while processing email content. These errors have existed for the past 8 years, since iOS 6 was released, and affect the latest iOS 13.4.1.
More worrying is that many hacker groups have been taking advantage of these errors for at least the past 2 years to target individual users working in various fields and organizations, MSSP different from Saudi Arabia. Saudi and Israel, to journalists in Europe.
" With a very limited amount of data, we were able to see at least 6 organizations affected by this vulnerability - and the scale of the impact was extremely large, " the researchers said. .
" Although ZecOps has not yet confirmed that these attacks have been carried out by a specific individual, we are aware that at least one 'mercenary hacker' organization is selling tools that take advantage of related vulnerabilities. email address ".

According to the researchers, it is difficult for Apple users to know whether they have been targeted by other cyber attacks, because hackers immediately deleted the malicious email after gaining remote access. victim's device.
"It is worth noting that, although the data confirming that the abused emails were received and processed by the victim's iOS device, the corresponding emails that should have been received and stored on the email server disappear. Therefore, we anticipate that these emails were intentionally deleted as part of the site cleanup plan after an attack, "the researchers said.
" In addition to a temporary slowing down of the mobile email application, users will not observe any other unusual behavior ."
After successfully exploiting the flaw, the hacker will run a malicious code alongside the MobileMail or Maild application, allowing them to " leak, edit, and delete emails ". However, to take full control of the device remotely, a hacker needs to combine it with another security hole in the system kernel.
ZecOps discovered the above vulnerabilities and attacks almost two months ago and reported it to Apple's security team.
So far, only the iOS 13.4.5 beta version that was released last week contains other security patches that address both of these zero-day vulnerabilities.
For iPhone and iPad users in general, they will soon receive a software patch in the upcoming iOS update. But in the meantime, it's best not to use the built-in email app, instead use Outlook or Gmail.
You should read it
- How to Block Email Addresses on iPhone
- How to add links to email signatures on iPhone and iPad
- How to save email as PDF on iPhone
- Instructions to hide email addresses on iPhone with virtual email
- How to use Spark application to manage email on iPhone
- How to set up automatically delete emails from blocked sender on iPhone
- iPhone is stuck with a dangerous security error
- Appearing fake email donated free iPhone 5S
May be interested
- Experience the fast Magic Keyboard of iPad ProMacBookmagic keyboard is the keyboard for 11-inch ipad versions. the back of the box prints several 'poses' that this magic keyboard can be adjusted when used.
- OPPO A72 launched: Perforated screen, Snapdragon 665, 4 cameras, 5000mAh batteryoppo a72 can be considered as a slight upgrade version of the camera and storage memory of the new a52 launched yesterday.
- Xiaomi is about to launch the world's cheapest 5G smartphonethus, the day when 5g technology becomes as popular as 4g today will not be far away.
- This is why Galaxy Fold 2 will have to have two 120Hz screensequipping both monitors with the same 120hz refresh rate will make the galaxy fold 2 user experience unaffected.
- Xiaomi will launch Mi 10 Youth Edition with a 50x zoom camera and MIUI 12 on April 27besides mi 10 youth edition, xiaomi will also launch miui 12 during the event held in china on april 27.
- If this feature is real, Apple will take the iPad to a new levelit is likely that the ipad will support xcode, apple's software development environment, allowing users to program it right on this device.