Breaking News

ASUS Announces October Availability of ProArt PA169CDV Pen Display The newly User-Centered BIOS is now available on GIGABYTE 600/700 series motherboards PlayStation Plus Monthly Games for October: The Callisto Protocol, Farming Simulator 22, Weird West New Acer Nitro V 15 Laptop Makes Gaming More Accessible Xiaomi and Leica Camera AG present the Xiaomi 13T Series with Leica Optics

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Apple to Patch Serious iOS Vulnerability

Apple to Patch Serious iOS Vulnerability

Smartphones Apr 22,2020 0

Apple will fix a flaw that a security firm said may have left more than half a billion iPhones vulnerable to hackers.

The bug was discovered by Zuk Avraham, chief executive of San Francisco-based mobile security forensics company ZecOps, while investigating a sophisticated cyberattack against a client in late 2019. Avraham said he found evidence the vulnerability was exploited in at least six cybersecurity break-ins.

Specifically, ZecOps found a number of remote attacks that were carried through the default Mail application on iOS dating as far back as Jan 2018. ZecOps analyzed these attacks and discovered an exploitable vulnerability affecting Apple’s iPhones and iPads. They detected multiple, yet targeted, attacks leveraging this vulnerability targeting enterprise users, VIPs, and MSSPs, over a prolonged period of time.

The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS 13. Based on ZecOps Research and Threat Intelligence, these vulnerabilities – in particular, the remote heap overflow – are widely exploited in the wild in targeted attacks by an advanced threat operator(s).

ZecOps is aware of multiple attacks that happened starting from Jan 2018, on iOS 11.2.2. It is likely that the same threat operators are actively abusing these vulnerabilities presently.

Affected versions:

  • All tested iOS versions are vulnerable including iOS 13.4.1.
  • These these bugs were actively triggered on iOS 11.2.2 and potentially earlier.
  • iOS 6 and above are vulnerable. iOS 6 was released in 2012!

The targets included:

  • Individuals from a Fortune 500 organization in North America
  • An executive from a carrier in Japan
  • A VIP from Germany
  • MSSPs from Saudi Arabia and Israel
  • A Journalist in Europe
  • Suspected: An executive from a Swiss enterprise

While ZecOps refrain from attributing these attacks to a specific threat actor, the security firn is aware that at least one ‘hackers-for-hire’ organization is selling exploits using vulnerabilities that leverage email addresses as a main identifier.

The company advises to update as soon as an iOS update is available.

Apple acknowledged that a vulnerability exists in Apple’s software for email on iPhones and iPads, known as the Mail app, and that the company had developed a fix, which will be rolled out in a forthcoming update on millions of devices it has sold globally.

Tags: iPhoneiosbugsCybersecurity
Previous Post
Magic Leap Announces Major Reconstructing, Exits Consumer Business
Next Post
Special-Edition JBL Flip 5 Eco is made from 90 Percent Recycled Plastic

Related Posts

  • iOS 17 is available today

  • Apple announces iPadOS 16, watchOS 9 and macOS Ventura

  • Here’s everything new in the first betas of iOS 15.4 and iPadOS 15.4

  • iOS 15 is available today

  • Apple announced tons of new products: Watch Series 7, new iPad, iPad mini, iPhone 13 / 13 mini and iPhone 13 Pro / Pro Max!

  • iOS 15 brings new ways to stay connected and powerful features that help users focus, explore, and do more with on-device intelligence

  • Apple advances its privacy leadership with iOS 15, iPadOS 15, macOS Monterey, and watchOS 8

  • iOS 14.5 released

Latest News

ASUS Announces October Availability of ProArt PA169CDV Pen Display
Enterprise & IT

ASUS Announces October Availability of ProArt PA169CDV Pen Display

The newly User-Centered BIOS is now available on GIGABYTE 600/700 series motherboards
PC components

The newly User-Centered BIOS is now available on GIGABYTE 600/700 series motherboards

PlayStation Plus Monthly Games for October: The Callisto Protocol, Farming Simulator 22, Weird West
Gaming

PlayStation Plus Monthly Games for October: The Callisto Protocol, Farming Simulator 22, Weird West

New Acer Nitro V 15 Laptop Makes Gaming More Accessible
Enterprise & IT

New Acer Nitro V 15 Laptop Makes Gaming More Accessible

Xiaomi and Leica Camera AG present the Xiaomi 13T Series with Leica Optics
Cameras

Xiaomi and Leica Camera AG present the Xiaomi 13T Series with Leica Optics

Popular Reviews

Pioneer BDR-S13U-X Blu-Ray Recorder

Pioneer BDR-S13U-X Blu-Ray Recorder

Pioneer BDR-X13U-S

Pioneer BDR-X13U-S

Pioneer BDR-XD08UMB-S External Blu-Ray Recorder

Pioneer BDR-XD08UMB-S External Blu-Ray Recorder

Arctic Liquid Freezer II 360 Α-RGB

Arctic Liquid Freezer II 360 Α-RGB

Surefire KINGPIN M2 Keyboard

Surefire KINGPIN M2 Keyboard

Verbatim External 4K Slimline Blu-Ray Recorder

Verbatim External 4K Slimline Blu-Ray Recorder

Samsung 970 EVO Plus 2TB NVME SSD

Samsung 970 EVO Plus 2TB NVME SSD

Crucial X8 4TB PortableSSD

Crucial X8 4TB PortableSSD

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed