Apple Mail for iPhone may be vulnerable to malware attacks
2020-04-22 19:04 by Daniela
Tags: Apple Mail, malware, iPhone
New, potentially serious software vulnerabilities have been discovered in iOS 13 that can be exploited through the default Mail app on iPhone and iPad. San Francisco-based cybersecurity firm ZecOps said that it came across the two flaws while running routine digital forensics on customer devices. After further investigation, the firm found evidence of targeted attacks, which it outlined in a report on Wednesday.
The bugs in question are remote code execution flaws that reside in the MIME library of Apple's Mail app: the first is an out-of-bounds write bug and the second is a heap overflow issue. In simple terms, researchers said the attack occurs when an attacker sends a specially crafted email that, when received by the Mail app on an iOS device, consumes so much memory that it creates conditions ripe for a heap overflow attack.
"The vulnerability does not necessarily require a large email – a regular email which is able to consume enough RAM would be sufficient. There are many ways to achieve such resource exhaustion including RTF, multi-part, and other methods," researchers wrote.
The vulnerability can be triggered before the entire email is downloaded, hence the email content won't necessarily remain on the device, researchers said.
The vulnerabilities are said to impact all software versions between iOS 6 and iOS 13.4.1. ZecOps said that Apple has patched the bugs in the latest beta of iOS 13.4.5, which should be publicly released within the coming weeks. In the meantime, ZecOps recommends using a third-party email app like Gmail or Outlook, which are apparently not impacted.