Apple Identifies Flaw That Might Allow Hackers Access Information
Apple is planning to fix a flaw that a security firm said may have left more than half a billion iPhones vulnerable to hackers in a report by The Mirror.
The bug, which also exists on iPads, was discovered by ZecOps, a San Francisco-based mobile security forensics company, while it was investigating a sophisticated cyberattack against a client that took place in late 2019.
An Apple spokesman acknowledged that a vulnerability exists in Apple’s software for email on iPhones and iPads, known as theMail app and that the company had developed a fix, which will be rolled out in a forthcoming update on millions of devices it has sold globally.
However, Apple declined to comment on Avraham’s research, which was published on Wednesday, that suggests the flaw could be triggered from afar and that it had already been exploited by hackers against high-profile users.
Explaining how the hack works, Avraham said that victims would be sent an apparently blank email message through the Mail app forcing a crash and reset.
The crash will open the door for hackers to steal other data on the device, such as photos and contact details.
ZecOps claims the vulnerability allowed hackers to remotely steal data off iPhones even if they were running recent versions of iOS.
Avraham, a former Israeli Defense Force security researcher, said he suspected that the hacking technique was part of a chain of malicious programs, the rest undiscovered, which could have given an attacker full remote access.
Apple declined to comment on that prospect.
Meanwhile, two independent security researchers who reviewed ZecOps’ discovery found the evidence credible, but said they had not yet fully recreated its findings.