Cybersecurity firm ZecOps recently published a report claiming to have found a zero-day exploit in Apple’s built-in Mail app. Now, Apple has responded to the controversy in a statement to Indianexpress.com.
“Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users,” Apple said in a statement. “The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance.”
In a statement, the company does admit of an exploit but it’s not as dangerous as ZecOps makes it out to be. Apple says the issues will be fixed in a software update soon.
On Thursday, ZecOps said it found evidence that hackers have been using a malicious program since at least January 2018, gaining access to the iOS mobile operating system. ZecOps researchers say the attack is a zero-click exploit, meaning it doesn’t require users to click on the email in order to get the device infected.
The attackers send black emails that would corrupt the iPhone when the users try to open the message. This way hackers gain entry to the device, giving them access to confidential emails, photos, and other details. It affects the iPhone with iOS 13, though the cyber-security firm says the vulnerability has existed since at least iOS 6, which was released way back in 2012.
“ZecOps detected multiple triggers in the wild to this vulnerability on enterprise users, VIPs, and MSSPs, over a prolonged period of time,” the cybersecurity firm said. “The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS 13.”
The cybersecurity firm claimed it was able to identify who was targeted by the bug which includes individuals an executive from a mobile carrier in Japan, employees of technology companies in Saudi Arabia and Israel, a European journalist, and individuals from a Fortune 500 company in North America.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines