iOS 7 Security Flaw Leaves Stored Email Attachments Unencrypted [Updated]
Apple states that it uses data encryption to protect email message attachments, but a report from security researcher Andreas Kurtz, via ZDNet, claims iOS 7.0.4 and later does not include this security feature.
Kurtz detected this flaw in iOS by accessing the file system on an iPhone 4 running iOS 7.1 and 7.1.1. Browsing through the email folder for an IMAP account, Kurtz discovered that the email attachments were stored in an unencrypted state. Besides the iPhone 4, Kurtz also was able to reproduce this vulnerability on an iPhone 5s and an iPad 2 running iOS 7.0.4.
I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account1, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction
Kurtz reported this issue to Apple, which acknowledged the flaw, but provided no timetable for patching it. This isn't the first security issue Apple has faced this year. The company recently patched a serious SSL connection verification flaw in both iOS and OS X that allowed an attacker with a "privileged network position" to capture data protected by SSL/TLS.
Update 3:11 PM PT: In a statement given to iMore, an Apple spokesperson said the company is working on a fix for the issue.
"We're aware of the issue," an Apple spokeswoman told iMore, "and are working on a fix which we will deliver in a future software update."
Popular Stories
Apple has ordered 22 million OLED panels from Samsung Display for the first foldable iPhone, signaling a significantly larger production target than the display industry had previously anticipated, ET News reports.
In the now-seemingly deleted report, ET News claimed that Samsung plans to mass-produce 11 million inward-folding OLED displays for Apple next year, as well as 11 million...
Apple is about to release iOS 26.2, the second major point update for iPhones since iOS 26 was rolled out in September, and there are at least 15 notable changes and improvements worth checking out. We've rounded them up below.
Apple is expected to roll out iOS 26.2 to compatible devices sometime between December 8 and December 16. When the update drops, you can check Apple's servers for the ...
Google Maps on iOS quietly gained a new feature recently that automatically recognizes where you've parked your vehicle and saves the location for you.
Announced on LinkedIn by Rio Akasaka, Google Maps' senior product manager, the new feature auto-detects your parked location even if you don't use the parking pin function, saves it for up to 48 hours, and then automatically removes it once...
Apple is actively testing under-screen Face ID for next year's iPhone 18 Pro models using a special "spliced micro-transparent glass" window built into the display, claims a Chinese leaker.
According to "Smart Pikachu," a Weibo account that has previously shared accurate supply-chain details on Chinese Android hardware, Apple is testing the special glass as a way to let the TrueDepth...
Apple today seeded the second release candidate version of iOS 26.2 to developers and public beta testers, with the software coming one week after Apple seeded the first RC. The release candidate represents the final version iOS 26.2 that will be provided to the public if no further bugs are found.
Registered developers and public beta testers can download the betas from the Settings app on...
Apple's chipmaking chief Johny Srouji has reportedly indicated that he plans to continue working for the company for the foreseeable future.
"I love my team, and I love my job at Apple, and I don't plan on leaving anytime soon," said Srouji, in a memo obtained by Bloomberg's Mark Gurman.
Here is Srouji's full memo, as shared by Bloomberg:I know you've been reading all kind of rumors and...
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max.
One thing worth...
Apple and Google are teaming up to make it easier for users to switch between iPhone and Android smartphones, according to 9to5Google. There is a new Android Canary build available today that simplifies data transfer between two smartphones, and Apple is going to implement the functionality in an upcoming iOS 26 beta.
Apple already has a Move to iOS app for transferring data from an Android...
Apple today announced that Fitness+ is expanding to 28 new markets on December 15 in the service's largest international rollout since launch, accompanied by new language dubbing and a K-Pop music genre.
Apple Fitness+ will become available in Chile, Hong Kong, India, the Netherlands, Singapore, Taiwan, and additional regions on December 15, with Japan scheduled to follow early next year....
Apple's senior vice president of hardware technologies Johny Srouji could be the next leading executive to leave the company amid an alarming exodus of leading employees, Bloomberg's Mark Gurman reports.
Srouji apparently recently told CEO Tim Cook that he is "seriously considering leaving" in the near future. He intends to join another company if he departs. Srouji leads Apple's chip design ...
