large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

iPhone Mail app flaw enabled hackers to ‘leak, modify and delete’ emails

Apple plans to patch a bug within iOS that has allegedly enabled email data to be hacked from a number of iPhone handsets.

A security vulnerability within the iOS Mail app was exposed by the ZecOps security firm on Wednesday. According to the researchers it has been the target of hackers since 2018.

The San Francisco-based company said it had “high confidence” the exploit, which is triggered when the user opens the stock Apple Mail app, has been used in the wild against unwitting iPhone users.

“The vulnerability allows to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13),” the ZecOps team write in a report. “Successful exploitation of this vulnerability would allow the attacker to leak, modify, and delete emails.”

Related: Best iPhone 2020

It’s not clear how the hackers were able to access this app in there first place, but it assumed they had another route into the iPhone via another iOS kernel vulnerability. Likewise, it doesn’t appear as if the issue goes beyond the Mail app to other parts of the device.

The list of those targeted by the issue suggest this might be a state-sponsored attack. Journalists and high-level corporate executives are on the hit list, although it is not known how successful efforts to exploit their emails were.

“We believe that these attacks are correlative with at least one nation-state threat operator or a nation-state that purchased the exploit from a third-party researcher in a Proof of Concept (POC) grade and used ‘as-is’ or with minor modifications,” ZecOps said.

According to a Motherboard report, which was the first publication to shed light on the issue, the zero-day hack has already been fixed in a beta version of the application, which will be rolled out to iPhone users in a coming iOS 13 update.

While we, dear readers, might not be the high-level targets sought out by the bad actors, it’s probably advisable to download iOS 13.4.5 as soon as Apple releases it to consumers.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.