Security News > 2020 > April > Apple Finds No Evidence of Attacks Targeting iOS Mail App Vulnerabilities
Apple has confirmed that its Mail application for iOS is affected by some vulnerabilities, but the tech giant has downplayed their impact and disputed claims that the flaws have been exploited in attacks.
Cybersecurity automation company ZecOps reported on Wednesday that it had identified a couple of critical zero-day vulnerabilities in the Mail app for iOS. The flaws, which the company says have existed since the release of iOS 6 in 2012, can be exploited to execute arbitrary code in the context of the application by sending a specially crafted email to the targeted user.
While on iOS 12 some user interaction is required for exploitation, ZecOps noted that no user interaction is required on iOS 13.
Apple also said that it found no evidence the vulnerabilities were used against its customers.
"While ZecOps refrain from attributing these attacks to a specific threat actor, we are aware that at least one 'hackers-for-hire' organization is selling exploits using vulnerabilities that leverage email addresses as a main identifier."
News URL
Related news
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- Apple plugs security hole in its iThings that's already been exploited in iOS (source)
- New Apple CPU side-channel attacks steal data from browsers (source)
- New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple warns 'extremely sophisticated attack' may be targeting iThings (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)