The iOS exploit under discussion has been used by hackers since 2018, but it has existed since 2012.
Just yesterday it was reported that alleged Chinese state-sponsored hackers have been exploiting a critical vulnerability in iOS to spy on the Uyghur Muslim minority in China. Now, a new report published by security firm ZecOps has found that a bug in iOS has been exploited by hackers since at least January 2018.
Described as a zero-day, the vulnerability exists in the default iOS mail app. The exploit runs when users open the app or, in some cases, as soon as a specially crafted email is received, without any interaction by the user.
According to the researchers, “the vulnerability allows to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13),” with six of the victims identified by ZecOps believed to be high-profile ones:
- Individuals from a Fortune 500 organization in North America
- An executive from a carrier in Japan
- A VIP from Germany
- Managed Security Service Providers (MSSPs) from Saudi Arabia and Israel
- A journalist in Europe
- Suspected: An executive from a Swiss enterprise
If the attackers succeed, they can potentially leak, delete, or modify emails, which can have serious consequences.
Moreover, if they get their hands on an “additional kernel vulnerability,” it can allow them to gain access to the entire device. It is not confirmed at the moment whether they had any such access.
On the other hand, if the attack fails, the mail application may suddenly crash on iOS 12, leaving users with little to no suspicion, whereas on iOS 13 an empty email would be received.
Elaborating on the way the attackers hid their tracks, the researchers state:
“Although the data confirms that the exploit emails were received and processed by victims’ iOS devices, corresponding emails that should have been received and stored on the mail-server were missing. Therefore, we infer that these emails may have been deleted intentionally as part of attack’s operational security cleanup measures.”
Besides this, the mail application may also slow down, but nothing more.
As for the groups behind this, ZecOps believes that a nation-state may be involved but could not confirm its suspicions at the moment.
Apple was alerted on 19 February 2020 and released a patch on 15 April with the release of iOS 13.4.5 beta.
Although, as stated earlier, the bug has been exploited since January 2018, its existence goes back to 2012 and the release of iOS 6. Users who haven’t updated should do so when possible to avoid becoming victims of such malicious attempts.
For the time being, it is recommended that you disable Apple Mail until a patch is available for all, and use other email providers like Gmail and Outlook.