23 April 20, 11:03
Quote:Researchers are reporting two Apple iOS zero-day security vulnerabilities affecting its Mail app on iPhones and iPads. Impacted are iOS 6 and iOS 13.4.1. Apple patched both vulnerabilities in iOS 13.4.5 beta, released last week.
A final release of iOS 13.4.5 is expected soon.
Both vulnerabilities are are believed to have been actively exploited by an “advanced threat operator” since 2018, according to researchers at ZecOps that publicly disclosed the bugs in a research report published Wednesday.
Both bugs are remotely exploitable by attackers who simply send an email to victims’ default iOS Mail application on their iPhone or iPad.
“The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS 13,” wrote researchers.
According ZecOps, the vulnerability allows hackers to remotely access data from targeted iPhones running the most recent iOS version. They add, the flaw can also give adversaries access to messages associated with Apple’s default Mail app.
Read more: https://threatpost.com/apple-patches-two...rs/155042/