Apple is to fix a security bug with the Mail app of its iPhone and iPad software, iOS, which has existed for years.
The bug was discovered by ZecOps, a San Francisco-based mobile security forensics company, while investigating an attack against a client that took place in late 2019.
- Zoom hackers are trying to sell two video chat exploits for $500k
- Hundreds of cybersecurity experts unite to fight coronavirus hacking
- Apple promises a $1 million hacking bounty
Apple has acknowledged the bug and says it will be fixed with the next iOS software update.
ZecOps wrote on its website how the vulnerability, which has existed since iOS 6 of 2012 and is likely present on hundreds of millions of iPhones and iPads the world over, could allow attackers access to a victim's phone without physical contact.
The bug is exploited by attackers sending an email that, although small in size, is composed in such a way that it consumes a large amount of the iOS device's RAM. If it uses up enough RAM, the Mail app will crash, forcing the device to reboot.
This crash and reboot then gives attackers access to email inboxes and other areas of the iPhone or iPad, including photos and contact details.
Unlike most other cyberattacks, the vulnerability does not require the target to download an email attachment, or click on a link. Merely opening the email - or even by having the Mail app running in the background on devices running iOS 13 - is enough for the attack to take place.
ZecOps says it believes the bug has been exploited since at least January 2018, but that the vulnerability has been present since at least iOS 6, which was released with the iPhone 5 back in September 2012.
More than theoretical, ZecOps says the bug has been exploited to target at least six people. These include an individual from a Fortune 500 company in North America, an executive from a carrier in Japan, a VIP from Germany and a journalist in Europe.
The company said: "We are aware of multiple triggers in the wild that happened starting from Jan 2018, on iOS 11.2.2. It is likely that the same threat operators are actively abusing these vulnerabilities presently. It is possible that the attacker(s) were using this vulnerability even earlier. We have seen similarities between some of the suspected victims during triggers to these vulnerabilities."