Updated:04/24/2020 02: 02h
Total security on the internet does not exist. Regardless of the brand that your device has manufactured and the operating system it has. A recent Study carried out by the American mobile security company Zecops states that it has found a vulnerability in the Mail application (mail, in Spanish) of the phones iPhone and tablets iPad. Also, among its pages it is expressed that it is quite probable that this security breach has put at risk the information of the devices of 500 million users. It has been around since 2018.
As stated in statements to “Reuters” Zuk Avraham, CEO of ZecOps, this back door it has already been used by cyber criminals to steal the data of various users. Apple, for its part, has recognized the same means that the failure in the Mail application, indeed, exists. Also, the Cupertino technology company ensures that it is working to solve the problem by launching an upcoming update. Despite this, he did not want to confirm whether the vulnerability has already been exploited by cyber criminals.
To exploit the vulnerability, Zecops explains, attackers send a apparently blank message to an email account of users who have a device from the apple firm. The moment the victim opens it, the Mail application suffers a crash that forces the victim to restart the terminal. This is when cyber criminals could access and steal information from within the “app”.
Zescop researchers note that all iPhones and iPads with iOS 6 or higher are affected. These obviously include the latest version of the operating system: 13.4.1. What’s more, as they say, the vulnerability is especially serious in iOS 13, since user interaction is not required to compromise the device. Just that the Mail app is running in the background. For its part, in iOS 12 the victim needs to click on the malicious email, activating the attack before the content of the message is displayed.
Additionally, attackers can make multiple attempts to exploit this vulnerability, without the user noticing anything strange beyond a temporary device slowdown in iOS 13 or the mail app stopping abruptly in iOS 12.
Regarding the victims of this type of attack, Zecops affirms that it has affected members of companies located in the United States, Japan, Germany, Saudi Arabia and Israel. According to Patrick Wardle, an Apple security expert and former investigator for the US National Security Agency. USA Consulted by “Reuters”, this discovery “confirms what has always been a rather poorly kept secret: that adversaries with sufficient resources can remotely and silently infect fully patched iOS devices.”
It should be remembered that Apple is usually recognized both for its security and for the respect that its devices have for the privacy of the user. A fame that Android devices do not enjoy, however.