Security News > 2020 > April > Zero-Day Vulnerabilities in iOS Mail App Exploited in Targeted Attacks

The Mail application in iOS is affected by two critical zero-day vulnerabilities that appear to have been exploited in targeted attacks since at least January 2018, cybersecurity automation company ZecOps reported on Wednesday.
The vulnerabilities, described as out-of-bounds write and heap overflow issues, affect the MobileMail application on iOS 12 and maild on iOS 13, and they can be exploited by sending specially crafted emails to the targeted user.
The attack does not require any user interaction on iOS 13; opening the Mail app in the background is enough to trigger the exploit.
On iOS 12, the targeted user needs to click on the malicious email to trigger the exploit - zero-click attacks are possible on iOS 12 if the attacker can control the mail server.
"Based on ZecOps Research and Threat Intelligence, we surmise with high confidence that these vulnerabilities - in particular, the remote heap overflow - are widely exploited in the wild in targeted attacks by an advanced threat operator(s)," ZecOps said in a blog post.
News URL
Related news
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack (source)
- GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)