April 23, 2020
Two zero-day vulnerabilities were found by ZecOps startup enabling successful remote attacks on iOS users with devices running iOS 6 or above.
The scope of the attacks consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or email on iOS 13.
Successful exploitation of this vulnerability enables the attackers to run remote code on the compromised iPhone and iPad devices allowing them to gain access to, leak, edit, and delete emails.
The suspected targets included
- Individuals from a Fortune 500 organization in North America
- An executive from a carrier in Japan
- A VIP from Germany
- MSSPs from Israel and Saudi Arabia
- A Journalist in Europe
- Suspected: An executive from a Swiss enterprise
Abnormal Behaviors duo to Exploiting Attempts:
- a temporary slowdown of the mobile mail application
- A sudden crash of the Mail application.
- In failed attacks, the emails that would be sent by the attacker would show the message: “This message has no content”.
Apple has already included a patch for the zero-days in iOS 13.4.5 beta 2 released on April 15, with a security fix to be made available for users of stable iOS versions soon.
You can find the full report by ZecOps here