Together, towards a better future

Hacking iPhones by Sending an Email

The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims.


2 min read
Hacking iPhones by Sending an Email

The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.

Research published by ZecOps, a mobile security firm, said a bug in the Mail app made devices susceptible to sophisticated attacks.

In a statement, Apple said: "We have thoroughly investigated the researcher's report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers."

To exploit this flaw, hackers would send a seemingly blank message to an iPhone or iPad users Mail account - the email app on iOS devices. When the email was opened it would crash the app forcing the user to reboot. During the reboot, hackers would be able to access information on the device.

According to the researchers, it could be tough for Apple users to know if they were targeted as part of these cyber-attacks because it turns out that attackers delete the malicious email immediately after gaining remote access to the victims' device.

What makes this attack different from other hacks is users do not need to download any external software or visit a website that contains malicious software (malware). Typically hacks require some action on the part of the victim - those steps make possible to trace the origin of the attack.

Researchers spotted in-the-wild-attacks and discovered the related flaws almost two months ago and reported it to the Apple security team.

The company said: "These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance"

Newsletter
Get all the latest posts delivered straight to your inbox!
🎉 You've successfully subscribed to Hack Hex!
OK