Zero-Day Vulnerabilities in iOS Mail App Exploited in Targeted Attacks
2020-04-23 08:45

The Mail application in iOS is affected by two critical zero-day vulnerabilities that appear to have been exploited in targeted attacks since at least January 2018, cybersecurity automation company ZecOps reported on Wednesday.

The vulnerabilities, described as out-of-bounds write and heap overflow issues, affect the MobileMail application on iOS 12 and maild on iOS 13, and they can be exploited by sending specially crafted emails to the targeted user.

The attack does not require any user interaction on iOS 13; opening the Mail app in the background is enough to trigger the exploit.

On iOS 12, the targeted user needs to click on the malicious email to trigger the exploit, although zero-click attacks are possible on iOS 12 if the attacker can control the mail server.

"Based on ZecOps Research and Threat Intelligence, we surmise with high confidence that these vulnerabilities - in particular, the remote heap overflow - are widely exploited in the wild in targeted attacks by an advanced threat operator(s)," ZecOps said in a blog post.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/BvmX52l3JDw/zero-day-vulnerabilities-ios-mail-app-exploited-targeted-attacks