A bug has been discovered in iOS 7 that causes email attachments to not be encrypted. Before anyone panics, however, in order for an attacker to exploit the bug they'd need to a) steal your device and, b) brute force or jailbreak-bypass the passcode or password, which c) currently means there's no risk to iPhone 4s and later devices running iOS 7.1 or later software. When reached for comment about the bug, Apple provided us with the following statement:
"We're aware of the issue," an Apple spokeswoman told iMore, "and are working on a fix which we will deliver in a future software update."
The bug was first reported by Andreas Kurtz:
I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account1, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction:
Kurtz claims he successfully duplicated the tests on an iPhone 5s and an iPad 2 running iOS 7.0.4, though he makes no claim of testing them successfully or unsuccessfully on iOS 7.1.1. Given the requirements, anyone running an iPhone 4s or later (Apple A5* chipset or later) and iOS 7.1.x or later should not be vulnerable to this bug.
That means the only current, updated hardware affected is the iPhone 4, and an attacker would still need prolonged access to your device to perform this attack, which also means preventing Find my iPhone from wiping it. They'd also need to get around the passcode or password. (If you don't have a Passcode set they could just launch Mail.app and see all your attachments, and everything else on your device, anyway.)
With iOS, Apple has made the iPhone and iPad amazingly strong crypto bricks but bugs like this need to be squashed and fast to keep them that way.
Nick Arnott contributed to this story.
We may earn a commission for purchases using our links. Learn more.
Let's talk aesthetic Home screens, Apple Watches, iPhone 12, and more
It's been quite a busy September. We got new Apple Watches, iOS 14 and watchOS 7, new customization trends, and so much more. Let's dive in!
FAQ: TikTok & WeChat ban — why it’s happening and what it means for you
Are TikTok and WeChat really being banned? When does all of this take effect? Will I still be able to use these apps? All this and more answered in our FAQ regarding the latest U.S. orders.
Here's everything we know about the iPhone 12 so far
With the iPhone 12 reportedly just weeks away, here's everything we currently know about Apple's next flagship lineup!
These HomeKit cameras work with iOS14's Face Recognition and Activity Zones
iOS 14 brings some powerful new capabilities to HomeKit Secure Video-enabled cameras like Face Recognition and Activity Zones. Here's all of the cameras and doorbells that support the latest and greatest HomeKit features.