Notebookcheck Logo
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Apple's iPhone and iPad devices have been plagued by serious vulnerabilities since 2018, security analyst reports

The exploit is introduced via a seemingly harmless blank email. (Image Source: zecOps)
The exploit is introduced via a seemingly harmless blank email. (Image Source: zecOps)
The vulnerability allows attackers to gain control of all the data stored within the mails received via the Mail app on iOS devices. Apple has recently become aware of the security problem, but the vulnerability may have been exploited since early 2018. A fix will soon be released, and, until then, iPhone and iPad users are advised to deactivate the Mail app and use other solutions like Gmail.
Bogdan Solca,

One of the advantages that Apple always puts forward when comparing its computers and mobile devices to Windows-based computers and Android-based smartphones is its great cybersecurity track record. Many Macintosh advertisements in the mid-2000s were trying to show how Apple’s computers were safer than other PCs running Windows, and, for the most part, this is still true. Same may be said for Apple’s mobility devices, but a recent discovery could dramatically change the status quo. Zuk Avraham, chief executive of mobile security forensics company zecOps based in San Francisco, came across a very serious iOS flaw while investigating a targeted cyberattack on one of the firm’s clients in late 2019, and it looks like Apple just became aware of it.

The security flaw affects iPhones / iPads and appears to have been exploited since 2018. Avraham found that this particular vulnerability was used in at least six targeted cybersecurity break-ins in the past few years. Furthermore, an Apple spokesman recently acknowledged that a security flaw with the Mail app on iOS devices will soon be fixed via an update for millions of devices, but did not actually connect it to Avraham’s finds.

Avraham published all his research Wednesday, April 22, 2020, detailing how the hackers have been exploiting the flaw. In this sense, the affected devices would be receiving an apparently blank email message through the Mail app forcing a crash or hard reset, that, in turn, would breach the device in order to obtain photos, contacts, confidential messages etc. According to Avraham, this technique was part of a chain of malicious programs that could have given hackers total remote access of the affected devices, but these still remain undiscovered.

The research is currently under scrutiny from two other independent security researchers who admitted that the evidence appears credible, but could not fully replicate all the flaws due to time constraints. Other experts chimed in, expressing their concerns. Patrick Wardle, an Apple security researcher claims that the discovery “confirms what has always been somewhat of a rather badly kept secret: that well-resourced adversaries can remotely and silently infect fully patched iOS devices.” Bill Marczak, security researcher at Canadian company Citizen Lab also stated that the flaw looks “scary,” noting that “a lot of times, you can take comfort from the fact that hacking is preventable. With this bug, it doesn’t matter if you’ve got a PhD in cybersecurity, this will eat your lunch.”

Most of the 900 million iPhone and iPads currently in active use are said to be affected by this vulnerability. Because Apple was not aware of this problem for such a long time, the exploit could have been used by government entities or private contractors to obtain confidential information from high-profile users. iPhone and iPad users are advised to disable the Mail app and use other solutions like Gmail until the fix is released.

static version load dynamic
Loading Comments
Comment on this article
Bogdan Solca
Bogdan Solca - Senior Tech Writer - 1753 articles published on Notebookcheck since 2017
I first stepped into the wondrous IT&C world when I was around seven years old. I was instantly fascinated by computerized graphics, whether they were from games or 3D applications like 3D Max. I'm also an avid reader of science fiction, an astrophysics aficionado, and a crypto geek. I started writing PC-related articles for Softpedia and a few blogs back in 2006. I joined the Notebookcheck team in the summer of 2017 and am currently a senior tech writer mostly covering processor, GPU, and laptop news.
contact me via: Facebook
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2020 04 > Apple's iPhone and iPad devices have been plagued by serious vulnerabilities since 2018, security analyst reports
Bogdan Solca, 2020-04-23 (Update: 2020-04-23)