Security News > 2020 > April > Apple Finds No Evidence of Attacks Targeting iOS Mail App Vulnerabilities

Apple has confirmed that its Mail application for iOS is affected by some vulnerabilities, but the tech giant has downplayed their impact and disputed claims that the flaws have been exploited in attacks.

Cybersecurity automation company ZecOps reported on Wednesday that it had identified a couple of critical zero-day vulnerabilities in the Mail app for iOS. The flaws, which the company says have existed since the release of iOS 6 in 2012, can be exploited to execute arbitrary code in the context of the application by sending a specially crafted email to the targeted user.

While on iOS 12 some user interaction is required for exploitation, ZecOps noted that no user interaction is required on iOS 13.

Apple also said that it found no evidence the vulnerabilities were used against its customers.

"While ZecOps refrain from attributing these attacks to a specific threat actor, we are aware that at least one 'hackers-for-hire' organization is selling exploits using vulnerabilities that leverage email addresses as a main identifier."

News URL

http://feedproxy.google.com/~r/Securityweek/~3/S7kIeBoofeg/apple-finds-no-evidence-attacks-targeting-ios-mail-app-vulnerabilities