The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

Apple Mail for iPhone may be vulnerable to malware attacks

2020-04-22 19:04 by
Tags: , ,

 

A new potentially serious software vulnerability has been discovered in iOS 13 that works via the default Mail app on iPhone and iPad. San Francisco-based cybersecurity firm ZecOps said that they came across the two flaws while running routine digital forensics on customer devices. After further investigation, they found evidence of targeted attacks, which they outlined in a report on Wednesday.

The bugs in question are remote code execution flaws that reside in the MIME library of Apple's mail app—first, due to an out-of-bounds write bug and second, is a heap overflow issue. In simple terms, researchers said the attack occurs when an attacker sends a specially crafted email that, when received on an iOS device's Mail app, guzzled so much memory it created conditions ripe for a heap overflow attack.

"The vulnerability does not necessarily require a large email – a regular email which is able to consume enough RAM would be sufficient. There are many ways to achieve such resource exhaustion including RTF, multi-part, and other methods," researchers wrote.

The vulnerability can be triggered before the entire email is downloaded, hence the email content won't necessarily remain on the device, researchers said.

The vulnerabilities are said to impact all software versions between iOS 6 and iOS 13.4.1. ZecOps said that Apple has patched the bugs in the latest beta of iOS 13.4.5, which should be publicly released within the coming weeks. In the meantime, ZecOps recommends using a third-party email app like Gmail or Outlook, which are apparently not impacted.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About