UAE

Life and Living

World

Opinion

Business

Sports

Entertainment

Dubai World Cup

lifestyle

Travel

Reviews

Brands

Supplements

KT Events

KT APPDOWNLOAD

Apple reacts to bug warning used to exploit iPhone, iPad users

Top Stories

Embracing the bright side: A guide on how to cultivate optimism

The power of solitude: Why you should go on a solo trip

How to get your kids to read: Essential tips for parents
apple, mail bug, hacking, iphone, ipad

San Francisco - Apple said that potential issues will be addressed in a software update soon.

By IANS

  • Follow us on
  • google-news
  • whatsapp
  • telegram

Published: Fri 24 Apr 2020, 8:13 PM

Last updated: Fri 24 Apr 2020, 10:26 PM

Apple has found 'no evidence' in report by cybersecurity company ZecOps that discovered two vulnerabilities in Apple iOS mail which they believed are widely exploited in the wild to target iPhone and iPad users.

The security researchers at San Francisco-based ZecOps discovered the bugs in the default iOS and iPadOS Mail app. The bugs allow to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13). Successful exploitation of this vulnerability would allow the attacker to leak, modify, and delete emails.
Also read: Hacking warning issued for UAE's Apple device users
"Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher's report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users," the tech giant said in a statement on Thursday.

The company added that the researcher identified three issues in Mail, "but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers".

ZecOps had said that "additional kernel vulnerability would provide full device access - we suspect that these attackers had another vulnerability. It is currently under investigation".

What is more, on iOS 13, end users do not require to perform any action for the exploitation to succeed. On iOS 12, the bug requires the victim to click on an email.

If an attacker controls the mail server, the attack can be performed without any clicks on iOS 12 too, the researchers said.

iOS is vulnerable to these bugs at least since iOS 6 -September 2012, ZecOps said, adding that it did not check earlier versions. MacOS is not vulnerable to these bugs, it added.

Apple said that these potential issues will be addressed in a software update soon.

"We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance," the company said.


More news from