Posted in News by Vlad on April 25, 2020
Two zero-day security vulnerabilities of the stock iOS Mail app have been uncovered by a San Francisco-based cyber-security company. According to them your iPhone’s, iPad’s and iPod’s native Mail app can be infected by an attacker that sends emails which are able to consume significant amount of memory. The aggressor can also exploit a second vulnerability that would allow him to remotely perform code execution. In case of a successful attack the hacker can leak, modify and even delete the victim’s emails.
Mind blowing is the fact that the vulnerabilities go all the way back to iOS 6 and the iPhone 5! That’s September 22, 2015! ZecOps claims that the above mentioned Mail app security problems are found in every iOS device running iOS 6 to iOS 13.4.1. That’s a huge amount of iPhones and iPads that are exposed to potential mail hacks. Same cyber-security company claims that corporate executives and government officials might have been targeted and not the average user. It’s also unclear if any of the attacks have been successful or not.
Apple Claim “No Immediate Threat”
With all this being said, Apple has recently downplayed the ZecOps findings and claim that the above mentioned security issues pose no immediate risks to iOS users. They claim that the identified problems alone “aren’t sufficient to bypass the iPhone and iPad security protections”. However, the Cupertino-based tech giant confirms that a patch for these vulnerabilities is work in progress. ZecOps have confirmed that the Beta version of the upcoming iOS 13.4.5 already includes a patch for the Mail app security problems!
How To Patch Mail App Security Flaws
Obviously the best option is to update the iOS version as soon as Apple releases a new version that includes the patch. But what can you do until then?
1. Sign out from Mail
It’s a radical decision but one that promises to keep you safe. Swap the stock iOS Mail app for Gmail or Outlook. This switch can be done temporarily until we get the official fix from Apple. Here is how to do it.
1. Open the Settings app.
2. Scroll for Passwords & Accounts.
3. Tap on your [account name].
4. Disable the Mail option. That’s it you’re now signed out of the Mail app. Make sure to repeat the process of you have multiple accounts linked.
Fact: If you want to bring this to the extreme you can also open the Home Screen. Tap & hold the Mail icon until you get the icons jiggling. Tap the “x”, that hovers above the Mail app icon and confirm that you want to delete the Mail app. Don’t worry you can easily install it back from the App Store as soon as you upgrade to the new iOS version that includes the fix for the above mentioned vulnerabilities!
2. Update To The Latest iOS Version
As soon as able releases a software update with a fix, we will update it here! Stay tuned!
What do you think about these recent Mail app security vulnerabilities? Are you using the stock Mail app or prefer Gmail or any other third party mailing app? Let us know in the comments section available below.
Related: This isn’t the first security breach found in iOS and surly won’t be the last. A major one surfaced one year ago and it affected FaceTime. Apple had to release iOS 12.1.4 to patch it and prevent users from spying on their contacts!