A routine investigation by researchers at ZecOps has apparently unearthed some serious security flaws with Apple’s Mail app – and according to the cyber security startup, the vulnerability has already been exploited in the wild.
The security flaw can be used to target iPad or iPhones with the Mail app installed, and it doesn’t require users to download anything. Hackers just have to send a specially-crafted email – which any unassuming victim would open – to trigger the mail-based exploit.
Related: Best smartphone 2020
Once that email has been opened and the vulnerability exploited, the bad actors can leak, modify and delete emails remotely.
Apple has issued a fix to this in the form of its iOS 13.4.5 update, but that’s currently only in the beta stage. This means you have to sign up to Apple’s Beta Program to download the new operating system, but luckily this is an option that’s open to the public. To do this:
- Head to Apple’s beta website and sign up using your Apple ID.
- Once that’s done, Apple recommends you back up your data and files, which you can read more about here.
- Next, grab your iOS device and head to the beta profile page to download the configuration profile.
- Finally, from your iOS device head to Settings > General > Software update to get iOs 13.4.5.
Unfortunately, anyone with an iPhone 6 or older won’t be able to get the update, as it’s only available on more modern phones. If this is the case for you, ZecOps says you should “consider disabling [your] Mail application and use Outlook or Gmail.”
Related: Best iPhone 2020
So far, Apple hasn’t issued a statement on the vulnerability, but the latest patch update shows that the company is definitely tackling the problem. We’ve reached out to Apple for comment and will update this piece with any response.