According to reports by leading global security researchers, there are some serious vulnerabilities in Apple’s native Mail application for iPhone and iPad devices, which can allow hackers to get personal information without the users even knowing.
One of these flaws is a ‘remote zero-click’. This means that a user device gets infected without any interaction with a malicious download or website. The device is infected when a user opens a rigged email that is delivered by the hacker in the Mail app.
These security issues were discovered by a US-based security firm ZecOps, which published a report stating that ‘the newly discovered flaws have been widely exploited in the wild’. According to the same report, these vulnerabilities went unnoticed for almost 10 years, and had first appeared in Apple’s Mail application with iOS 6.
This comes as quite the shock because Apple is globally known and praised for its excellent digital security standards and watertight code; but clearly its devices are not invincible either. Apple was unaware of the existence of these flaws, and hence couldn’t prevent exploitation.
According to ZecOps, it has verified the flaws in a controlled lab setting after users reported unusual device failures. The firm also uncovered evidence that these data hacks have been used to assault multiple high-profile targets, including employees of a Fortune 500 company and an executive at a Japanese telecom firm.
To mitigate these issues, the firm has suggested that users download the latest beta available. If that is not possible, the they have asked users to disable the Mail application altogether, till Apple rolls out a fix.