Vulnerabilities and their exploitation in tech devices is nothing new. The phenomenon is becoming increasingly common, with cyber meltdowns involving even high-profile cases being reported every once in a while now. But when mighty Apple, known for its “high standard” of security, messes up, it is sure to raise some eyebrows.
San-Francisco based cybersecurity firm ZecOps claims to have unearthed two “exploitable vulnerabilities” in Apple’s mail app and promptly alerted the company. Apple later released a beta update to temporarily fix the bug earlier this month, confirming publicly the presence of the loophole. The company is currently working on a full update to fix the lapse and hopes to roll it out soon.
The vulnerability assumes access to the mailbox by sending an apparently blank email message through the mail app, forcing a crash and reset. The breakdown enables hackers to steal sensitive data, such as photos and contact details, Zuk Avraham, ZecOps’ Chief Executive says.
The loophole, which he says has been exploited by hackers as far back as January 2018, allowed them to steal data even if the device ran recent versions of iOS.
ZecOps claims the flaw was used against one of its clients, which it describes as a “Fortune 500 North American technology company.” The firm also claims to have found evidence of similar attacks against “an executive from a carrier in Japan,” as well as “a journalist in Europe.”