It appears that a security flaw on iPhone and iPad devices have exposed them to security risks for years.
The said bug, which exists in the iPhone and iPad Mail app, was discovered by a US-based mobile security company called ZecOps. The firm’s CEO, Zuk Avraham, have found evidence that this vulnerability has existed and exploited by some hackers by at least six different times already.
Avraham has found evidence that hackers might have been taking advantage of the iOS flaw since January 2018.
It’s said that hackers will send a blank email to the victims via the Mail app that would force a crash and reset. This will allow hackers to steal photos and contact details to the affected device.
The hackers can pretty much access whatever the Mail app can access, which also includes confidential and sensitive messages. Avraham reported that the hack can be triggered remotely and hackers have already used it against some high-profile users.
It’s also said that a Fortune 500 North American tech company, one of ZecOps’ clients, have been affected by this hacking technique. Some employees in other companies in Germany, Japan, Saudi Arabia, and Israel were also said to be affected.
- iPhone 6, 6S, 7, 8 vs iPhone SE 2020: should you upgrade?
- The ‘cheap’ iPhone SE 2020 is faster than some flagship Android phones
Apple has already acknowledged this software vulnerability. A spokesperson said that they have already created a fix, and will start to seeding it as a software update on iPhone and iPad devices globally. However, the company didn’t provide a comment about Avraham’s findings.
What’s worse, Avraham suspects that this type of hacking is just a part of a chain of malicious programs created to grant hackers remote access to iPhones and iPads — programs that are yet to be discovered.
Avraham used to work has an Israeli Defense Force security researcher. His latest discovery was backed by two other independent security researchers, who said that the evidence is credible, but they yet to fully recreate the findings.
UPDATE: Bloomberg reports that Apple didn’t find any evidence that hackers have exploited iPhones and iPads via the Mail app