In a statement released on Thursday, Apple, Inc. debunks ‘untrue’ vulnerability claims of the cyber-security firm that discovered the flaws in the iOS Mail app.
American multinational technology company Apple, Inc. faces a critical turning point in its cadence after a flaw in its email app is found to have been detrimental to its users’ information security.
Cyber-security firm ZecOps asserts that the said flaw has been ‘widely exploited’ in targeted attacks. It also believes that the said attacks have been carried out by some threat operators since 2018 ensuing a panic among millions of Apple users.
According to research from the security firm @ZecOps, the #iOS Mail app has a crucial vulnerability that allows bad actors to gain access to the device’s information. The flaw can affect #iPhones and #iPads alike.https://t.co/7FNLN0xUmt
— BeInCrypto (@beincrypto) April 25, 2020
Privacy in Peril
According to a report, the said flaw was reported to Apple by ZecOps in March. The cybersecurity firm describes the flaw as a bug that “allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails,”
With the flaw, hackers can maliciously send a blank message to an iPhone or iPad email account. When a user opens the said message, it would crash the Mail app forcing the user to reboot his device. Unknowingly, users are robbed of the information on their device during the time when the phone reboots.
Further, the firm informs that affected users might not readily notice any changes on their device except emails displaying warnings and a slackening Mail app.
https://twitter.com/jstandre/status/1253927587304419328?s=20
The ‘flaw’ is of a larger scale
ZecOps has disclosed in its statements that suspected targets of the exploits were those who came from Fortune 500 organizations in North America, top-management individuals from key companies in Japan, Germany, and Switzerland, as well as established journalists.
From this statement, it appears that the attackers have not just targeted users from one part of the globe, but that it has been scheming to take on users from a wider geographical cohort.
flaw had not previously been disclosed to #Apple, making it extremely valuable to a variety of bad actors. ZecOps: “with high confidence that these vulnerabilities…are widely exploited in the wild in targeted attacks by an advanced threat operator(s).”https://t.co/xyyJW4UW15
— hewiak, from Mastodon (@hewiak) April 23, 2020
Apple’s denial
Remaining steadfast, Apple debunks the said vulnerability claims in their statement and maintains that the flaws were not in any way used against its users. It assures the same that the protections in place on their devices are strong enough to keep any potential risk at bay.
The lack of evidence has been a comfort to some users, while a few critical ones remain agnostic and in doubt.
Finally, Apple guarantees that it has patched the said flaws in its latest iOS 13.4.5 beta, which should be released to the public soon. ZecOps confirms this statement but remains firm to its stand that real-world attacks have already taken place.
Featured image courtesy of Drew Rae/Pexels.