Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11The Mail app on iOS has serious vulnerabilities
Security researchers at ZecOps have discovered two serious vulnerabilities that exist on the default Mail application pre-installed on millions of iPhones and iPads.
These two vulnerabilities are related to out-of-bound write and remote heap overflow in the MIME library of the Mail application. The vulnerability allows hackers to remotely execute code and infect the device by sending emails consuming large amounts of RAM to any individual whose email account is logged into the Mail application. Full control of Apple devices.
The Mail app on iOS has serious vulnerabilities Picture 1
In particular, the vulnerability associated with buffer overflow is more dangerous because it does not require interaction from the recipient.
Both of these vulnerabilities have existed for the past 8 years, since iOS 6 launched and they still affect the latest version of iOS 13.4.1.
More worrying is that many attackers have been exploiting these vulnerabilities to track victims, at least for the past two years. At least 6 organizations have been affected by this hole.
According to the researchers, after remotely accessing the victim's device, the attacker immediately deletes the malicious email, making it difficult for Apple users to detect.
After successfully exploiting this vulnerability, hackers will run a malicious code to "leak, modify and delete emails". For complete control of the device remotely, an attacker needs to connect it to a separate kernel vulnerability in the system.
The Mail app on iOS has serious vulnerabilities Picture 2
ZecOps discovered these two vulnerabilities almost two months ago and reported it to Apple.
Up to now, the security patches to fix both these vulnerabilities have only appeared on the iOS 13.4.5 beta version released by Apple last week.
Apple will soon release a software patch in the upcoming iOS update for general iPhone and iPad users. From now until patch is available, it is best to use Outlook or Gmail instead of the built-in email application.
David PacYou should read it
- How iPhone vulnerabilities allow websites to hack iOS devices
- Microsoft expert discovered a series of serious code execution errors in IoT, OT devices
- New dangerous vulnerability in Intel CPU: Works like Specter and Meltdown, threatening all PCs and the cloud
- HP publishes a series of critical vulnerabilities in the Teradici PCoIP protocol
- Apple confirms the existence of a series of serious vulnerabilities that can cause iPhones to be hacked
- 'Red alert' after the hack targeted Twitter, Facebook removed the feature matching contacts with phone numbers in Messenger
- Security vulnerabilities - basic insights
- Microsoft rewards $ 250,000 for any talent that discovers the new Meltdown and Specter vulnerabilities
- Release software to check DNS server vulnerabilities
- EternalRocks - more dangerous malicious code than WannaCry exploits up to seven NSA vulnerabilities
- There is a new zero-day vulnerability in Windows
- Detecting zero-day vulnerabilities in Internet Explorer helps hackers gain control of the computer
Maybe you are interested
Detecting software vulnerabilities Samsung can be rewarded with 1 million USD
Serious security vulnerabilities in Safari and Chrome have existed for 18 years
GPT-4 exploits vulnerabilities faster and cheaper than humans
Warning of 16 security vulnerabilities causing Microsoft products to be attacked
16 new security vulnerabilities can cause systems using Microsoft software to be attacked
Microsoft fixes 149 security vulnerabilities on Windows, users should update immediately
Technology story
China built the world's highest 5G station on Mount Everest- After Facebook, Instagram is also about to feature the memory of the deceased
- AMD announced the Ryzen 3 3300X and Ryzen 3 3100 CPUs for desktops
- Razer Blade Stealth 13: Small but martial
- Microsoft released emergency patch updates for Windows 10
- In 2020, which iPhone should I buy to fit my needs?
China built the world's highest 5G station on Mount Everest
After Facebook, Instagram is also about to feature the memory of the deceased
AMD announced the Ryzen 3 3300X and Ryzen 3 3100 CPUs for desktops
Razer Blade Stealth 13: Small but martial
Microsoft released emergency patch updates for Windows 10
In 2020, which iPhone should I buy to fit my needs?