What you need to know
- A new report details two new security vulnerabilities found in iOS 13.
- The vulnerabilities affect the software as a whole and the Mail app.
- Apple has patched both exploits in the latest iOS 13 beta.
A new report from Vice details two new security vulnerabilities in iOS 13. Zuk Avraham, the founder of ZecOps, said that a few of their customers were targeted with a with two zero-day exploits in iOS 13 last year.
"We concluded with high confidence that it was exploited in the wild ... One of the vulnerabilities we clearly showed that it can be triggered remotely, the other one requires an additional vulnerability to trigger it remotely."
The first was what is known as a remote zero-click, meaning that anyone on the internet could be targeted and infected without knowing about it. According to Avraham, this exploit was used by bad actors to target "VIPs, executive management across multiple industries, individuals from Fortune 2000 companies, as well as smaller organizations such as MSSPs."
The second exploit found in iOS 13 allowed hackers to send an email to the default Mail app on iOS 13 that would open vulnerability and allow the hacker to execute code on the device. They would then delete the emails to cover their tracks.
After ZecOps verified the exploits, they reported them to Apple at the end of March. Thankfully, Apple was quick to respond and patched the vulnerabilities in the latest iOS beta. That update will come to all iPhone owners in the near future.
"Apple says the ZecOps zero-days have been patched in the latest iOS beta release and will be patched in the upcoming iOS public update."
The kind of vulnerabilities found by ZecOps is targeted exploits and not mass vulnerabilities affecting a wide range of users, according to the report.