Vulnerabilities in iOS version 6 and later dating from September 2012 that are triggered via the iOS email app have been disclosed that if exploited allow remote code execution.

The problems were revealed by the security firm ZecOps, which has spotted the vulnerability being trigged in the wild on iOS 11.2.2 as far back as November 2018 and potentially even earlier. Apple was informed in February 2019 and the company released a beta patch in April correcting the issue. Only the iOS email app is vulnerable, not other third party variety’s like Gmail or Outlook.

“The vulnerability allows to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13). Successful exploitation of this vulnerability would allow the attacker to leak, modify, and delete emails. Additional kernel vulnerability would provide full device access – we suspect that these attackers had another vulnerability. It is currently under investigation,” ZecOps reported.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.