ZecOps company recently announced that it has acquired it two previously unknown security flaws that affect the app Email from iOS or iPadOS. By exploiting two errors it is possible to get far away from the messages stored in the app.
One more reminder of the importance of rehabilitation
According to the San Francisco-based company, one of the two vulnerabilities allows an attacker to compromise device security by sending an email that uses important memory. The second risk, on the other hand, is allowing the code to work remotely on the device. Included, as ZecOps explains, are the risks involved with both may allow an attacker to access, change or delete emails within the app Email.
It turns out that this vulnerability affects devices from iOS 6 to iOS / iPadOS 13.4.1, the current version. Apple is preparing a bug in the latest iOS 13.4.5 beta that will affect the general public in the coming weeks. Given the situation it is likely Apple issue a minor update, for example 13.4.2, with the necessary modifications.
According to ZecOps, the use of these security flaws has been effective since January 2018, with iOS 11.2.2. The targets of the attack can be personal, government, or corporate and corporate executives. Right now, the only option, other than waiting for a quick response from Apple, seems to be to disable email (Settings> Our Name> iCloud> Mail) on the device and access emails through icloud.com.
It should be noted that, in terms of industry best practice, ZecOps should give Apple 90 days to fix the situation after talking to us. Apparently the company decided skip that period to make your discovery known as quickly as possible community. The decision, it is worth mentioning, may have a negative impact on users' safety, as an update is not available. However, it is important to remember that this is an attack that needs to be directly targeted at a specific location, so even though the danger is there, it is less than likely.
As we've mentioned many times, app updates far outweigh new functions: they guarantee the security and privacy of our data. If we value this security, the recommendation is to always keep our equipment updated.
