Apple's iPhone and iPad devices have been plagued by serious vulnerabilities since 2018, security analyst reports
One of the advantages that Apple always puts forward when comparing its computers and mobile devices to Windows-based computers and Android-based smartphones is its great cybersecurity track record. Many Macintosh advertisements in the mid-2000s were trying to show how Apple’s computers were safer than other PCs running Windows, and, for the most part, this is still true. Same may be said for Apple’s mobility devices, but a recent discovery could dramatically change the status quo. Zuk Avraham, chief executive of mobile security forensics company zecOps based in San Francisco, came across a very serious iOS flaw while investigating a targeted cyberattack on one of the firm’s clients in late 2019, and it looks like Apple just became aware of it.
The security flaw affects iPhones / iPads and appears to have been exploited since 2018. Avraham found that this particular vulnerability was used in at least six targeted cybersecurity break-ins in the past few years. Furthermore, an Apple spokesman recently acknowledged that a security flaw with the Mail app on iOS devices will soon be fixed via an update for millions of devices, but did not actually connect it to Avraham’s finds.
Avraham published all his research Wednesday, April 22, 2020, detailing how the hackers have been exploiting the flaw. In this sense, the affected devices would be receiving an apparently blank email message through the Mail app forcing a crash or hard reset, that, in turn, would breach the device in order to obtain photos, contacts, confidential messages etc. According to Avraham, this technique was part of a chain of malicious programs that could have given hackers total remote access of the affected devices, but these still remain undiscovered.
The research is currently under scrutiny from two other independent security researchers who admitted that the evidence appears credible, but could not fully replicate all the flaws due to time constraints. Other experts chimed in, expressing their concerns. Patrick Wardle, an Apple security researcher claims that the discovery “confirms what has always been somewhat of a rather badly kept secret: that well-resourced adversaries can remotely and silently infect fully patched iOS devices.” Bill Marczak, security researcher at Canadian company Citizen Lab also stated that the flaw looks “scary,” noting that “a lot of times, you can take comfort from the fact that hacking is preventable. With this bug, it doesn’t matter if you’ve got a PhD in cybersecurity, this will eat your lunch.”
Most of the 900 million iPhone and iPads currently in active use are said to be affected by this vulnerability. Because Apple was not aware of this problem for such a long time, the exploit could have been used by government entities or private contractors to obtain confidential information from high-profile users. iPhone and iPad users are advised to disable the Mail app and use other solutions like Gmail until the fix is released.