iOS 7 Security Flaw Leaves Stored Email Attachments Unencrypted [Updated]
Apple states that it uses data encryption to protect email message attachments, but a report from security researcher Andreas Kurtz, via ZDNet, claims iOS 7.0.4 and later does not include this security feature.
Kurtz detected this flaw in iOS by accessing the file system on an iPhone 4 running iOS 7.1 and 7.1.1. Browsing through the email folder for an IMAP account, Kurtz discovered that the email attachments were stored in an unencrypted state. Besides the iPhone 4, Kurtz also was able to reproduce this vulnerability on an iPhone 5s and an iPad 2 running iOS 7.0.4.
I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account1, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction
Kurtz reported this issue to Apple, which acknowledged the flaw, but provided no timetable for patching it. This isn't the first security issue Apple has faced this year. The company recently patched a serious SSL connection verification flaw in both iOS and OS X that allowed an attacker with a "privileged network position" to capture data protected by SSL/TLS.
Update 3:11 PM PT: In a statement given to iMore, an Apple spokesperson said the company is working on a fix for the issue.
"We're aware of the issue," an Apple spokeswoman told iMore, "and are working on a fix which we will deliver in a future software update."
Popular Stories
The Black Friday and Cyber Monday holiday shopping rush is drawing to a close, but there are still some good deals to be had out there. For Apple products, many of the deals you've seen since last week are still available, though some have expired. So for anyone who missed out on Black Friday deals, there's still an opportunity to get some of the year's best prices on many Apple devices.
Note: ...
Apple's upcoming iPhone 15 models will be equipped with Sony's newest "state of the art" image sensors, according to a report from Nikkei.
Compared to standard sensors, Sony's image sensor doubles the saturation signal in each pixel, allowing it to capture more light to cut down on underexposure and overexposure. Nikkei says that it is able to better photograph a person's face even with...
Apple today announced that the Oceanic+ app is available for the Apple Watch Ultra starting today. Designed by Huish Outdoors in collaboration with Apple, the app serves as a dive computer for recreational scuba diving at depths up to 40 meters/130 feet.
Apple already offers a basic Depth app on the Apple Watch Ultra for viewing your current depth, maximum depth reached, water temperature,...
Apple today announced its 2022 App Store Award winners, highlighting the 16 best apps and games selected by Apple's global App Store editorial team.
The top apps were chosen by Apple for their quality, innovative technology, creative design, positive cultural impact, and ability to deliver "exceptional experiences." Apple CEO Tim Cook said:
This year's App Store Award winners reimagined...
Apple today released a Rapid Security Response update that is available for those running the iOS 16.2 beta, marking the launch of the second RSR update since the feature was released in iOS 16.
The Rapid Security Response Update is designed to provide iOS 16.2 beta users with bug fixes without the need to install a full update. The initial RSR release for iOS 16.2 beta users was a test with ...
Apple has cut back on its Twitter advertising, according to Twitter CEO Elon Musk. In a tweet, Musk said that Apple has "mostly stopped" its Twitter ads, asking if Apple hates "free speech."
Musk went on to publish a poll asking if Apple should "publish all censorship actions" taken that impact customers and he began retweeting content from companies that Apple has had moderation discussions ...
Elon Musk has pledged to offer an "alternative phone" if Apple and Google remove Twitter from their app stores, adding to long-standing rumors about an iPhone rival from Tesla.
Modified iPhone 11 Pro in the style of the Tesla Cybertruck, by Caviar. Musk's remark came after being asked about the potential scenario of Twitter being removed from app stores, which could conceivably happen if the...
Although Black Friday is now technically over, many Apple products are still seeing major discounts through the weekend as we head into Cyber Monday. In this article, you'll find every Apple device with a notable Black Friday sale that's still available. We'll be updating as prices change and new deals arrive, so be sure to keep an eye out if you don't see the sale you're looking for yet.
Note:...
Top Rated Comments
Probably this security flaw affects 0.0001% of iOS users but everyone will think "OMG another security flaw!!!11" :rolleyes:
If things aren't broken, fix them till they're broken.