A group of security experts has discovered that the Mail application has suffered a critical flaw since 2012, allowing an attacker to take control of the messaging of an iPhone or iPad user. Apple has confirmed the existence of the vulnerability and will correct it in the next version of iOS.
Eight years. This is the time it will have taken for a security expert to discover that the iPhone and iPad suffer from a serious flaw in the Mail application . By default, this is the application used to send and receive emails, whether personal or professional.
The problem is that this flaw has existed since version 6 of iOS (and maybe even before but the previous versions have not been tested, and therefore at least since 2012, and that hackers exploit it since January 2018. Two years that millions of iPhone and iPad are potential targets of attacks, even if for the moment, the victims would be few. In this case, the hackers attacked a few businessmen, companies, journalists, etc.
A flaw fixed in the next version of iOS
Concretely, the ZeCops team explains that a simple email can hack the iPhone, and this “ zero-day ” type flaw is based on an overflow of memory. With one or more emails, the hacker sends an attachment that is too large, and it causes Mail to malfunction. This is where he manages to rush into the flaw, and this type of attack already existed via browsers or other software .
Apple has confirmed the existence of this vulnerability and announces that it will be fixed as of version 13.4.5 of iOS . For now, this next version is available in beta , and it will take a few weeks for it to be available to the greatest number. In the meantime, two pieces of advice: do not open an email from a stranger, especially if it has an attachment; use applications like Gmail or Outlook to check your email.