Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Apple denies iPhone Mail hack but admits there are vulnerabilities

The company has issued a statement claiming that there is “no evidence” to suggest that the recently-disclosed Mail vulnerability has previously been used by hackers.

On Wednesday, ZecOps managed to spook the Apple community by disclosing a new, vicious type of vulnerability. According to the firm’s report, this security flaw could allow bad actors to ping over a carefully-crafted email which, when opened in the default iPhone Mail app, would allow them to “leak, forward and delete” messages from the victim’s inbox.

Related: Worried about the iPhone Mail hack? Here’s how to protect yourself

ZecOps also said that the vulnerability had already been used to target high-profile individuals. For privacy reasons, the firm didn’t disclose the full details – but Apple has said that’s a load of tosh.

Issuing a statement to Reuters, the company said: “We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.”

Apple has acknowledged the existence of the vulnerability, issuing a fix in the form of its beta 13.4.5 iOS update. But it’s currently denying that the security flaw has actually been used.

In response to this, ZecOps has said that it will back-up its claims by disclosing additional technical information, once Apple has rolled out the fix to the wider public.

ZecOps isn’t the only company to notice suspicious activity surrounding Apple at the moment. We reached out to Cyble, a third party cyber intelligence platform, to get its input on the matter.

“While we don’t have direct evidence of active exploitation of Apple Mail App at this point however, we are closely monitoring any developments. We are aware of zero-days on sale for Apple iOS being sold in the private and deepweb markets,” Cyble CEO Beenu Arora told Trusted Reviews.

He also said: “There is a high probability that nefarious actors may have got access to 0-days in the private darkweb markets to conduct their operations. The critical thing to note is that Apple has released fixes for these vulnerabilities as part of iOS 13.4.5 beta 2, which was released on April 15 and we expect Apple will release iOS 13.4.5 into general availability soon, especially after these public reports.”

Related: Best iPhone 2020

Cyble advises that users disable their Mail App and switch to alternatives for the time being. We’ve asked Apple when the fix will be rolled out to the general public.

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.