Apple denies iPhone Mail hack but admits there are vulnerabilities

The company has issued a statement claiming that there is “no evidence” to suggest that the recently-disclosed Mail vulnerability has previously been used by hackers.

On Wednesday, ZecOps managed to spook the Apple community by disclosing a new, vicious type of vulnerability. According to the firm’s report, this security flaw could allow bad actors to ping over a carefully-crafted email which, when opened in the default iPhone Mail app, would allow them to “leak, forward and delete” messages from the victim’s inbox.

Related: Worried about the iPhone Mail hack? Here’s how to protect yourself

ZecOps also said that the vulnerability had already been used to target high-profile individuals. For privacy reasons, the firm didn’t disclose the full details – but Apple has said that’s a load of tosh.

Issuing a statement to Reuters, the company said: “We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.”

Apple has acknowledged the existence of the vulnerability, issuing a fix in the form of its beta 13.4.5 iOS update. But it’s currently denying that the security flaw has actually been used.

In response to this, ZecOps has said that it will back-up its claims by disclosing additional technical information, once Apple has rolled out the fix to the wider public.

ZecOps isn’t the only company to notice suspicious activity surrounding Apple at the moment. We reached out to Cyble, a third party cyber intelligence platform, to get its input on the matter.

“While we don’t have direct evidence of active exploitation of Apple Mail App at this point however, we are closely monitoring any developments. We are aware of zero-days on sale for Apple iOS being sold in the private and deepweb markets,” Cyble CEO Beenu Arora told Trusted Reviews.

He also said: “There is a high probability that nefarious actors may have got access to 0-days in the private darkweb markets to conduct their operations. The critical thing to note is that Apple has released fixes for these vulnerabilities as part of iOS 13.4.5 beta 2, which was released on April 15 and we expect Apple will release iOS 13.4.5 into general availability soon, especially after these public reports.”

Related: Best iPhone 2020

Cyble advises that users disable their Mail App and switch to alternatives for the time being. We’ve asked Apple when the fix will be rolled out to the general public.