Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Zero-Day Warning for iOS Users

 

Systems Affected



Threat Level


High


Overview


The default Mail App found in iPhones and iPads have been found vulnerable to two critical flaws that attackers are exploiting.


Description


The vulnerabilities of the mail application allow attackers to take complete control over Apple devices remotely by simply sending an email to any targeted individual. These flaws which resides in the MIME library of the Apple mailing application are triggered while processing the contents of an email and they are critical hence it can be exploited with 'zero-click,' which means that no action is required from the targeted user.

According to the researchers at ZecOps, when these flaws are exploited most iOS users are unlikely to notice. Major flaws that have been identified are remote code execution and the heap overflow issue. These issues are identified in the current iOS 13.4.1 version and there is no security patch available at present, although Apple has patched both vulnerabilities in iOS 13.4.5 beta version, which is to be released soon.


Impact


  ✻  Leakage of personal information such as usernames and passwords.
  ✻  Slowdown of mobile mail application.
  ✻  Disclosure, modification and deletion of emails.


Solution/ Workarounds


  ✻  Do not to use Apple built-in mail application until a patch is available (iOS version 13.4.5 is released).
  ✻  Use an alternative mail application


References


  ✻  https://thehackernews.com/2020/04/zero-day-warning-its-possible-to-hack.html
  ✻  https://threatpost.com/apple-patches-two-ios-zero-days-abused-for-years/155042/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.