Mail app

Stop using your iOS messaging app now! Here’s what you need to know about the creepy flaw you just discovered (and how to stay safe)

Reports are coming in that the Stock Mail app preloaded on iOS devices, including iPhones and iPads, contains a zero-day vulnerability that hackers have been able to exploit for years, exfiltrating data while flying under the radar. But before we get into the details, here’s a public service announcement:

Stop using the stock iOS Mail app now! Hackers are actively exploiting an unpatched bug to steal data from unsuspecting victims.

Now on to our story…

Although iOS generally excels at thwarting hackers, Apple’s mobile operating system is not immune to attacks. When bugs appear, they are big and bring in millions to well-funded criminals eager to exploit them. And because these bad actors are good at keeping their mischief a secret, only targeting high-profile victims without a trace, they can fly under the radar as long as the flaw remains their dirty little secret.

Long story short

Last night Reuters sounded the horn over a serious flaw in Apple’s mobile operating system that left more than half a billion iPhones vulnerable to hackers for at least two years. According to the researchers, the flaw itself – in Apple’s messaging app’s MIME library – has been hiding in the software for about eight years.

ZecOps, the San Francisco-based company that discovered the vulnerability, said hackers were exploiting the flaw in combination with other core issues to deploy their attacks. Chief Executive Zuk Avraham reportedly found evidence that the vulnerability was exploited in at least six cybersecurity break-ins.

Avraham described a targeted client as a “Fortune 500 North American technology company.” Other potential victims include high-level employees of companies in Japan, Germany, Saudi Arabia and Israel. The executive declined to name any of the victims.

According to research, victims receive what appears to be a blank email message which, due to its underlying code, causes the Mail application to crash. During the crash and restart sequence, malicious code is executed, allowing hackers to remotely access data available to the Mail app, including messages and photos. The researchers call this a “zero-click” exploit, because the attack requires no user intervention.

“With very limited data, we were able to see that at least six organizations were impacted by this vulnerability – and the total extent of abuse of this vulnerability is huge,” the researchers said, adding that they were ” aware that at least one ‘hackers-for-hire’ organization sells exploits using vulnerabilities that exploit email addresses as a primary identifier.

How to Stay Safe Until Apple Fixes the Bug

Apple has already rolled out a fix in the latest developer beta of iOS. The public release of Apple’s new iOS version is not yet scheduled, but it should happen soon, given the circumstances.

While attacks exploiting this flaw are apparently directed against highly targeted personalities, it’s worth shelving the iOS Mail app until Apple fixes the flaws. Use another email client, like Outlook or Gmail in the meantime.

To ensure that your Apple gadgets are safe from cyber threats in general, consider installing a proven security solution on your shiny iDevice.

Bitdefender Mobile Security is a free application designed to protect your sensitive data from prying eyes. It comes with a VPN that protects your online presence by encrypting all internet traffic. Flip the switch to Web Protection to turn it on and we’ll block any dishonest pages that seek your personal information such as your credit card details or social security number. Want to know if your email accounts have been leaked or if your accounts are still private? Simply validate your email address with the app and Bitdefender Mobile Security will perform a check to find out if your privacy has been breached. We’ll show you what to do in case this happens.

*** This is a syndicated blog from HOTforSecurity’s Security Bloggers Network written by Filip Truta. Read the original post at: scary-flaw-just-discovered-and-how-to-stay-safe-23051.html