Apple says iOS Mail security flaw not ‘an immediate risk’
After a security firm uncovered a flaw in Apple’s iOS Mail app that “allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume significant amount of memory,” Apple is assuring users that it doesn’t pose an immediate risk.
In a statement, Apple assured users that the protections in place on iPhones and iPads are strong enough to mitigate any potential risk. “The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections.”
In its findings, security researcher ZecOps said the flaws “would allow the attacker to leak, modify, and delete e-mails”. Users who were the recipient of failed attacks might see e-mails displaying the fairly common, “This message has content” warning. Affected users wouldn’t notice any changes on their device other than “a temporary slowdown” of the Mail app, ZecOps said. According to the copmany, the flaws have existed since iOS 6.
While the flaws were “triggered in-the-wild” ZecOps, it said the bugs alone “cannot cause harm to iOS users – since the attackers would require an additional infoleak bug and a kernel bug afterwards for full control over the targeted device”. In its statement, Apple said it has “found no evidence they were used against customers.”
Apple said the vulnerabilities will be addressed in an upcoming software update and has already provided a beta patch in IOS 13.4.5 that ZecOps confirms fixes the issue.
IDG News Service