Following a routine iOS Digital Forensics and Incident Response (DFIR) investigation, ZecOps found a number of suspicious events affecting the default Mail application on iOS, dating as far back as January 2018. ZecOps analyzed these events and discovered an exploitable vulnerability affecting Apple’s iPhones and iPads. ZecOps detected multiple in-the-wild triggers of this vulnerability against enterprise users, VIPs, and MSSPs over a prolonged period of time.
Read the ZecOps detailed report
The attack consists of sending a specially crafted email to a victim’s mailbox, which triggers the vulnerability in the context of the iOS MobileMail application on iOS 12 or maild on iOS 13. The ZecOps report states, “Based on ZecOps Research and Threat Intelligence, we surmise with high confidence that these vulnerabilities – in particular, the remote heap overflow – are widely exploited in the wild in targeted attacks by an advanced threat operator(s).”
Three cybersecurity experts offer their perspective
Chris Clements, VP of Solutions Architecture, Cerberus Sentinel
“These attacks on iOS devices have been exploited for over 2 years by nation states and professional hacking organizations and affect all versions of iOS since at least 2012. The attack affects the built-in iOS Mail app but not other popular email apps such as Outlook or Gmail. You must assume that any attacker with enough ability or financial backing has access to sure-fire exploits that can take control of computers or devices running any operating system or application. These exploits are specially designed to go undetected by anti-virus, firewalls, or other front-line security controls. The only way to defend against such attackers is to have a culture of security with defense-in-depth capabilities, including close monitoring of security logs and anomalous network traffic.”
Josh Bohls, CEO and Founder, Inkscreen
“This disclosure highlights the fact that all apps and mobile platforms are vulnerable to hacks and intrusions. The silver lining in this case is Apple’s apparent acknowledgement of the issue and quick action to address it now that the issue has come to light. Apple will always hold an advantage over Android in their centralized approach to software updates, although the rapid evolution of devices and operating systems (iOS and now iPadOS) has led to a unique form of fragmentation that makes this email flaw more challenging to address than it might have been five years ago. This should serve as yet another reminder to only install trusted apps, especially in a business setting.”
James McQuiggan, Security Awareness Advocate, KnowBe4
“This type of vulnerability is disturbing because it involves no action by the user, as they may not realize their smartphone is infected after an attack. While this vulnerability has been fixed in the developer’s current beta versions, it is essential to get the patch out soon for end users to secure their devices from this exploit. Depending on the risk and confidentiality of an employee’s email, an organization will need to determine if they are to stop using the vulnerable application until the patch is released.”
Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.