Apple has confirmed the serious vulnerability in the Mail app for iPhone and iPad that could allow criminal hackers to read, modify and delete emails, exposing users of all versions of iOS from 6 onwards to the risk of data theft. The patch, however, will only arrive with the next version, iOS 13.4.5.
27 Apr 2020 Paolo Tarsitano Editor Cybersecurity360.it
Apple has officially confirmed the presence of an extremely serious 0-day vulnerability in all versions of its iOS mobile operating system, from version 6, used by the iPhone 5, up to the current version, 13.4.1, used on the iPhone 11.
The Cupertino company itself has announced, however, that the patch will ship only in the next version of iOS, 13.4.5, and that at the moment only users who have already installed the beta are protected: all the others (and we are talking about millions worldwide) will therefore continue to be exposed to possible cyber attacks.
Vulnerabilities in iPhone and iPad: the technical details
In particular, the vulnerability reported last week by security researchers at ZecOps concerns the native Mail app for iPhone and iPad and could allow criminal hackers to read, modify and delete emails, exposing iPhone and iPad users to a serious risk of data theft.
According to the researchers, the flaw is due to problems related to the mismanagement of memory within the system libraries for MIME (Multipurpose Internet Mail Extensions) content. Exploiting the 0-day vulnerability could therefore allow a remote attacker who knows the email address configured on the victim's iPhone to send a malicious message capable of executing arbitrary code on the device.
In this way, the attacker is able to install malware with cyber espionage capabilities on the target device, completely without the victim's knowledge and without requiring any interaction from them.
Furthermore, the technical analysis by ZecOps suggests that the attacks are easier to perform on iOS 13 than on previous generations of the Apple operating system. For example, on iOS 12 an attacker would have to prompt the iPhone user to open a malicious email. With iOS 13, the attack can be carried out simply with the Mail app launched in the background.
How to mitigate the risk of data theft
“Sophisticated attacks like this remind us that the most motivated opponents will always find a way to break through the cracks in security solutions. Identifying and exploiting unknown vulnerabilities is a time-consuming and costly task, but it is certainly very rewarding in terms of results,” commented Mariana Pereira, Director of Email Security Products at Darktrace.
“If this flaw and the attacks that potentially exploited it were confirmed,” continues the Darktrace analyst, “the hackers will have had access to high-value targets, which otherwise would have been heavily protected, along with all their communications. In fact, it is a question of having access to communications that could be extremely useful for them for multiple purposes; a competitor, for example, may be interested in sensitive emails, such as those that contain merger or acquisition data, IP connection information, or other sensitive data. The attacker could also try to use knowledge of the email content as a starting point to launch targeted spear phishing attacks against contacts with whom people have exchanged emails.”
Here is a helpful security tip from her: “Even now that we can identify some of the markers that characterize these attacks, it will be difficult for traditional security tools to detect and stop them until a patch is available. And, as with any vulnerability that requires a patch, sadly we know that some users will not install the updates and will remain vulnerable. My advice to companies and individuals is to stay alert to any abnormal activity on their email accounts, and be careful to install patches as soon as they are released.”
The good news in this rather serious matter, considering that the vulnerability affects 8 versions of iOS (version 6 was released in 2012, and in any case the ZecOps study does not rule out that earlier versions are also exposed), is that Apple will probably speed up the release of version 13.4.5 of the operating system by “skipping” the intermediate versions.
In the meantime, it is advisable to use a third-party email application such as Outlook or Gmail, which are not vulnerable to the exploit, and to deactivate the Mail application by following these simple steps:
It is important to note that deleting an app from the iPhone also deletes it from the paired Apple Watch.
Finally, this will also delete user data and related configuration files. For more information, you can consult the official Apple guide.