publishing date icon
April 24, 2020
read time icon
5 min. read

iOS Mail App Security Flaw

Author image
Barbara Babati
Marketing Manager
Post hero image

Table of contents

share this post

According to security researchers, the iOS mail app, which is the email client that can be found on most Apple iPhones and iPads, has a severe security flaw making it vulnerable to attacks. The report was published on 22nd April 2020 by ZecOps.

According to ZecOps, the vulnerability is widely exploited in targeted attacks by advanced threat operators. The company believes that at least six high-profile targets were victims, such as individuals from a Fortune 500 company in North America.

ios mail app security flaw

Make sure to disable the iOS Mail app (icon seen in the image) to protect your privacy and data.

How do attackers utilize the iOS Mail app security flaw?

  1. The attacker sends a targeted email to a victim’s email address.
  2. The email then triggers the vulnerability in the iOS Mail application on iOS 12 or iOS13.

According to ZecOps, the issue has been existing at least since iOS6, which was released in 2012.

Why is this security flaw so dangerous?

Simply, because you can be careful enough with your security and email hygiene, but with this vulnerability, you don’t need to download malware or visit an infected website. All the attackers need to do is remotely executing a code on your iOS device for the Mail app to receive the email and you to open the message.

What should you do if you use iOS Mail?

Take extra care: avoid using iOS Mail entirely. Most email client providers have their own applications. We suggest that you would switch to using those alternatives. Disable the iOS Mail app at least until there is no fix.

Is there a fix coming?

According to reports, ZecOps has reported the vulnerability to Apple, and the company has fixed it, and it is available in the new iOS update in the coming weeks.

Please remember always to update your iOS once there is a new update available.

Subscribe to All Things Human Risk

Subscribe to our newsletter for a curated digest of the latest news, articles, and resources on human risk and evolving phishing threats in the ever-changing landscape.

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.