Apple admits to widespread iOS Mail security threat but claims no ‘immediate risk’

Fix coming 'soon'

Credit: Dreamstime

After a security firm uncovered a flaw in Apple’s iOS Mail app that “allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume significant amount of memory,” the technology giant is assuring users that it doesn’t pose an immediate risk.

In a statement to the market, Apple assured users that the protections in place on iPhones and iPads are strong enough to mitigate any potential risk. “The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections.”

In its findings, security researcher ZecOps said the flaws “would allow the attacker to leak, modify, and delete emails.”

Users who were the recipient of “failed attacks” might see emails displaying the fairly common, “this message has content” warning. Affected users wouldn’t notice any changes on their device other than “a temporary slowdown” of the Mail app, ZecOps said. The flaws existed since iOS 6, the company says.

While the flaws were “triggered in-the-wild,” according to ZecOps, it said the bugs alone “cannot cause harm to iOS users – since the attackers would require an additional infoleak bug & a kernel bug afterwards for full control over the targeted device.” In its statement, Apple said it has “found no evidence they were used against customers.”

Apple said the vulnerabilities will be addressed in an upcoming software update and has already provided a beta patch in IOS 13.4.5 that ZecOps confirms fixes the issue. If you want to install the patch before its public release, you can join Apple’s iOS Public Beta program.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Appleiossecurity

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Michael Simon

Michael Simon

Macworld.com
Show Comments

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?