A bug suspected to have existed eight years ago is back and poses a serious threat to iPhone and iPad users.
A security firm published an alert on Wednesday, warning iPhone and iPad users of a threat that targets iOS devices. The report described a vulnerability that existed in 2012.
The exploit could penetrate iOS devices through emails that consume a significant amount of memory. The bug attacks the iPhone and iPad through default email applications.
On devices running iOS 12, the attack arrives as an email sent to the mobile mail application. Once the email is received, a click on the message will activate the attack.
Meanwhile, devices running iOS 13 activate the bug even without the user opening the email received through maild, its default email app. As the booby-trapped email opens in the background, the threat starts to do its thing.
Both successful and unsuccessful attempts to exploit iOS 12 devices show similar signs. The mobile mail application will slow down temporarily or, in other cases, the email app will suddenly crash.
iOS 13 devices, on the other hand, show very little indication of the attack. A temporary slowdown of maild indicates an attempt to trigger the bug. An email saying, “this message has no content,” indicates that an attempt to exploit a device just failed.
Critical bug target
The report from the security firm confirmed that the bug is being used to hack specific high-profile targets. It named six organizations that hackers are eyeing with the said bug.
Among the list of targets are individuals from Fortune 500 organizations in North America, an executive from a Japanese carrier, and a VIP from Germany.
The hackers also planned to attack targets from a managed security services provider in Saudi Arabia and Israel, a journalist in Europe, and possibly a Swiss enterprise executive.
The bug, which the security firm identified as a zero-day combined with a separate vulnerability, existed in September 2012. That was the time when Apple launched iOS 6 and released the iPhone 5.
Researchers discovered the earliest bug trigger in the wild in January 2018. The attackers allegedly started to exploit the bug during the iOS 11.2.2 release. Tested devices running versions iOS 6 to iOS 13.4.1 are susceptible to hacking.
As part of their continuing study, the researchers found strings in the bug that are commonly used by hackers, such as 414141…4141. With this kind of attack, the iPhone or iPad that receives the malicious email processes the exploit.
Apple’s product security and engineering team immediately released a patch in iOS 13.4.5 to fix the vulnerability. However, the patch is only available in beta and is still awaiting general release.