iPhone Mail app flaw enabled hackers to ‘leak, modify and delete’ emails

Apple plans to patch a bug within iOS that has allegedly enabled email data to be hacked from a number of iPhone handsets.

A security vulnerability within the iOS Mail app was exposed by the ZecOps security firm on Wednesday. According to the researchers it has been the target of hackers since 2018.

The San Francisco-based company said it had “high confidence” the exploit, which is triggered when the user opens the stock Apple Mail app, has been used in the wild against unwitting iPhone users.

“The vulnerability allows to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13),” the ZecOps team write in a report. “Successful exploitation of this vulnerability would allow the attacker to leak, modify, and delete emails.”

Related: Best iPhone 2020

It’s not clear how the hackers were able to access this app in there first place, but it assumed they had another route into the iPhone via another iOS kernel vulnerability. Likewise, it doesn’t appear as if the issue goes beyond the Mail app to other parts of the device.

The list of those targeted by the issue suggest this might be a state-sponsored attack. Journalists and high-level corporate executives are on the hit list, although it is not known how successful efforts to exploit their emails were.

“We believe that these attacks are correlative with at least one nation-state threat operator or a nation-state that purchased the exploit from a third-party researcher in a Proof of Concept (POC) grade and used ‘as-is’ or with minor modifications,” ZecOps said.

According to a Motherboard report, which was the first publication to shed light on the issue, the zero-day hack has already been fixed in a beta version of the application, which will be rolled out to iPhone users in a coming iOS 13 update.

While we, dear readers, might not be the high-level targets sought out by the bad actors, it’s probably advisable to download iOS 13.4.5 as soon as Apple releases it to consumers.