The ZecOps company announced a few days ago that it had acquired two previously unknown security flaws that affect the app Email for iOS. By exploiting these errors, according to their discoveries, it is possible to remotely access the iPhone or iPad file system. Now Apple has responded and expresses doubts about the situation.
A serious but insufficient failure to compromise devices
The history of this vulnerability begins on February 19, when ZecOps reports unusual app behavior Email and, later, on March 31, the company notified Apple of the second risk. On April 20, ZecOps contacted Apple that they had received evidence that the vulnerability was being used. Now Apple and respond in public to determine the situation.
Apple takes all reports of security threats seriously. We have thoroughly investigated the investigator's report and, based on the information provided, we have found that these errors do not endanger our users. The investigator identified three problems in the Email, but they were themselves It is not enough to override the security of the iPhone and iPad, and we found no evidence of use against customers.
These potential issues will be resolved in a software update that will be released shortly. We appreciate our collaboration with security researchers to help keep our users safe and we will reward the researcher for their help.
In some cases, Apple's action in the event of a breach of security from time to time very fastSo the fact that we can now wait for future updates reinforces Apple's message: It's a security flaw, but not enough to compromise app security.
Or at all, and as we always remember, the updates, both following and the rest, contain bug fixes. Many times during my training I hear phrases such as "I have not installed Catalina yet because they are not very reliable", okay, it depends on what we perceive as unstable, but one thing is clear: system security is compromised.
Currently we can only wait for future updates. If we want to take it one step further we can disable it Email (Settings> Our Name> iCloud> Mail) on device and email access via iCloud.com, a measure that, if we listen to Apple, we don't need.
