A ‘zero-day’ vulnerability has been discovered in the iOS 13 Mail app by ZecOps security group, according to Motherboard. This potentially dangerous exploit is able to be triggered remotely by hackers without the need for user interaction.
The term ‘zero-day’ refers to software that had been obtained by hackers from a developer prior to its release. Exploits related to zero-day are able affect applications, data or networks until the vulnerability is made aware of and mitigated.
ZecOps reports that the iOS 13 Mail app vulnerability allows attackers to infect a device – usually high-profile targets – with malware or other forms of malicious code. The security group began investigating the exploit last year after several of its clients reported crashes in the Mail app, and found that receiving infected messages through the app was enough to trigger the payload.
The group adds that the attacks are only limited to iOS Mail, and does not affect other email client applications such as Gmail. Being a zero-day exploit, Apple would not have any form of defense against it in place and in the worst case scenario, any countermeasures taken after reported attacks would have been too late.
Fortunately, Apple has confirmed that the vulnerability identified by ZecOps have been patched in the latest iOS 13.4.5 beta, and a public release is planned to be rolled out in the coming weeks. With that said, the security firm has urged users to hold out on using the iOS Mail app for the time being – at least until the update rolls out – if they’re concerned regarding this.