Detecting extremely serious vulnerabilities that allow hacking iPhone just by sending email, victims who are not open are also attacked
According to cybersecurity researchers at ZecOps, the aforementioned vulnerabilities are related to out-of-bound write and remote heap overflow, one of which is the " zero-click "extremely dangerous, can be taken advantage of without any interaction from people who receive email.
Both remote code execution errors that are located in the email client's MIME library can be triggered while processing email content. These errors have existed for the past 8 years, since iOS 6 was released, and affect the latest iOS 13.4.1.
More worrying is that many hacker groups have been taking advantage of these errors for at least the past 2 years to target individual users working in various fields and organizations, MSSP different from Saudi Arabia. Saudi and Israel, to journalists in Europe.
" With a very limited amount of data, we were able to see at least 6 organizations affected by this vulnerability - and the scale of the impact was extremely large, " the researchers said. .
" Although ZecOps has not yet confirmed that these attacks have been carried out by a specific individual, we are aware that at least one 'mercenary hacker' organization is selling tools that take advantage of related vulnerabilities. email address ".
According to the researchers, it is difficult for Apple users to know whether they have been targeted by other cyber attacks, because hackers immediately deleted the malicious email after gaining remote access. victim's device.
"It is worth noting that, although the data confirming that the abused emails were received and processed by the victim's iOS device, the corresponding emails that should have been received and stored on the email server disappear. Therefore, we anticipate that these emails were intentionally deleted as part of the site cleanup plan after an attack, "the researchers said.
" In addition to a temporary slowing down of the mobile email application, users will not observe any other unusual behavior ."
After successfully exploiting the flaw, the hacker will run a malicious code alongside the MobileMail or Maild application, allowing them to " leak, edit, and delete emails ". However, to take full control of the device remotely, a hacker needs to combine it with another security hole in the system kernel.
ZecOps discovered the above vulnerabilities and attacks almost two months ago and reported it to Apple's security team.
So far, only the iOS 13.4.5 beta version that was released last week contains other security patches that address both of these zero-day vulnerabilities.
For iPhone and iPad users in general, they will soon receive a software patch in the upcoming iOS update. But in the meantime, it's best not to use the built-in email app, instead use Outlook or Gmail.
You should read it
- Instructions for setting up an email account on iPhone (SMTP / IMAP / POP3)
- How to add and delete Email accounts on Mac, iPhone and iPad
- How to Block Email Addresses on iPhone
- How to add links to email signatures on iPhone and iPad
- How to save email as PDF on iPhone
- Instructions to hide email addresses on iPhone with virtual email
- How to use Spark application to manage email on iPhone
- How to set up automatically delete emails from blocked sender on iPhone
- iPhone is stuck with a dangerous security error
- Appearing fake email donated free iPhone 5S
- How to add additional email for FaceTime and Messages application on iOS 11
- How to set up Exchange Email, calendar and contacts on iPhone and iPad
Maybe you are interested
Fix the error of not being able to download attachments when sending Email
How to check if email is still working?
4 tools to detect phishing emails
Email threatening to reveal private data from Microsoft may be a scam
3 Ways to Turn Off Voicemail on iPhone
5 Reasons People Prefer Password Login Over Email