A new security vulnerability has been discovered in the default Mail app

By Joe Wituschek
published

Mail
Mail (Image credit: Joseph Keller/iMore)

What you need to know

  • A new report details two new security vulnerabilities found in iOS 13.
  • The vulnerabilities affect the software as a whole and the Mail app.
  • Apple has patched both exploits in the latest iOS 13 beta.

A new report from Vice details two new security vulnerabilities in iOS 13. Zuk Avraham, the founder of ZecOps, said that a few of their customers were targeted with a with two zero-day exploits in iOS 13 last year.

"We concluded with high confidence that it was exploited in the wild ... One of the vulnerabilities we clearly showed that it can be triggered remotely, the other one requires an additional vulnerability to trigger it remotely."

The first was what is known as a remote zero-click, meaning that anyone on the internet could be targeted and infected without knowing about it. According to Avraham, this exploit was used by bad actors to target "VIPs, executive management across multiple industries, individuals from Fortune 2000 companies, as well as smaller organizations such as MSSPs."

The second exploit found in iOS 13 allowed hackers to send an email to the default Mail app on iOS 13 that would open vulnerability and allow the hacker to execute code on the device. They would then delete the emails to cover their tracks.

After ZecOps verified the exploits, they reported them to Apple at the end of March. Thankfully, Apple was quick to respond and patched the vulnerabilities in the latest iOS beta. That update will come to all iPhone owners in the near future.

"Apple says the ZecOps zero-days have been patched in the latest iOS beta release and will be patched in the upcoming iOS public update."

The kind of vulnerabilities found by ZecOps is targeted exploits and not mass vulnerabilities affecting a wide range of users, according to the report.

Joe Wituschek
Joe Wituschek
Contributor

Joe Wituschek is a Contributor at iMore. With over ten years in the technology industry, one of them being at Apple, Joe now covers the company for the website. In addition to covering breaking news, Joe also writes editorials and reviews for a range of products. He fell in love with Apple products when he got an iPod nano for Christmas almost twenty years ago. Despite being considered a "heavy" user, he has always preferred the consumer-focused products like the MacBook Air, iPad mini, and iPhone 13 mini. He will fight to the death to keep a mini iPhone in the lineup. In his free time, Joe enjoys video games, movies, photography, running, and basically everything outdoors.

1 Comment
  • I read about this about 16 hours before here on another site. Come on guys. You are an apple centric site. This needs to be top of the page before any other sites like ms power user has this info. Seriously.