Apple Patches Two Security Vulnerabilities Impacting Mail App in iOS 13.4.5 Beta

by

San Francisco-based cybersecurity company ZecOps today announced that it has uncovered two zero-day security vulnerabilities affecting Apple's stock Mail app on iOS devices, as noted by Motherboard and The Wall Street Journal.

mail ios app icon
ZecOps claims that one of the vulnerabilities enables an attacker to remotely infect an iOS device by sending emails that consume a significant amount of memory, while another could allow remote code execution capabilities. Successful exploitation of the vulnerabilities is said to allow an attacker to leak, modify, and delete a user's emails.

Targets of the vulnerabilities have apparently included corporate executives and government officials rather than average end users.

The vulnerabilities are said to impact all software versions between iOS 6 and iOS 13.4.1. ZecOps said that Apple has patched the vulnerabilities in the latest beta of iOS 13.4.5, which should be publicly released within the coming weeks. In the meantime, ZecOps recommends using a third-party email app like Gmail or Outlook, which are apparently not impacted.

Related Forum: iOS 13

Top Rated Comments

Nimrad Avatar
Nimrad
41 months ago
There are also some critical usability issues that need to fixed asap.
Score: 27 Votes (Like | Disagree)
fbr$ Avatar
fbr$
41 months ago

ZecOps recommends using a third-party email app like Gmail
I stopped reading there...
Score: 16 Votes (Like | Disagree)
Mick-Mac Avatar
Mick-Mac
41 months ago
The ONE thing I like about Apple's Mail (on both the Mac and iOS) is that Apple demonstrably respect your privacy. Everybody else pretty much doesn't (except for paid services like proton mail). So I use Apple's Mail, however it is just a piece of junk compared to everything else out there. It's good that security bugs are found and fixed, but in the name of all things holy can somebody at Apple please dip their little finger into that hoard of cash they own and just FIX mail. Make it something they can take pride in and not be a magnet for endless frustration for their customers.
Score: 12 Votes (Like | Disagree)
I7guy Avatar
I7guy
41 months ago

I guess everyone with devices that can't run iOS 13 need to just buy new hardware.
My guess is Apple will roll this into ios 12, when ios 13.4.5 is released.
Score: 12 Votes (Like | Disagree)
H3LL5P4WN Avatar
H3LL5P4WN
41 months ago
How considerate of them to tell Apple first and allow it to be patched before publicly disclosing it.

/s
Score: 11 Votes (Like | Disagree)
Itada Avatar
Itada
41 months ago

How considerate of them to tell Apple first and allow it to be patched before publicly disclosing it.

/s
Except that the cat was already out of the bag: they were already being exploited, for years. ZecOps found them by investigating the aftermath of successful attacks.
Score: 10 Votes (Like | Disagree)
Read All Comments

Popular Stories

gradiente iphone white

Brazilian Electronics Company Revives Long-Running iPhone Trademark Dispute

Tuesday May 19, 2020 1:06 pm PDT by
Apple has been involved in a long-running iPhone trademark dispute in Brazil, which was revived today by IGB Electronica, a Brazilian consumer electronics company that originally registered the "iPhone" name in 2000. IGB Electronica fought a multi-year battle with Apple in an attempt to get exclusive rights to the "iPhone" trademark, but ultimately lost, and now the case has been brought to...
Read Full Article71 comments