Apple Says Recently Discovered iOS Mail Vulnerabilities Pose No Immediate Threat, But a Patch Is in the Works

by

Apple has responded to a recent report on vulnerabilities discovered in its iOS Mail app, claiming the issues do not pose an immediate risk to users.

mail ios app icon
Earlier this week, San Francisco-based cybersecurity company ZecOps said it had uncovered two zero-day security vulnerabilities affecting Apple's stock Mail app for iPhones and iPads.

One of the vulnerabilities was said to enable an attacker to remotely infect an iOS device by sending emails that consume a large amount of memory. Another could allow remote code execution capabilities. Successful exploitation of the vulnerabilities could potentially allow an attacker to leak, modify, or delete a user's emails, claimed ZecOps.

However, Apple has downplayed the severity of the issues in the following statement, which was given to several media outlets.

"Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher's report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance."

The vulnerabilities are said to impact all software versions between iOS 6 and iOS 13.4.1. ZecOps said that Apple has patched the vulnerabilities in the latest beta of iOS 13.4.5, which should be publicly released within the coming weeks. Until then, ZecOps recommends using a third-party email app like Gmail or Outlook, which are apparently not impacted.

Tags: Apple security, Apple Mail

Top Rated Comments

miniyou64 Avatar
miniyou64
16 months ago
The bugs in Mail are still immediately extremely annoying
Score: 10 Votes (Like | Disagree)
otternonsense Avatar
otternonsense
16 months ago
I'm pretty sure Apple will have prioritised some irrelevant pleasantry like Memoji barf physics in iOS 14 than getting Mail, FaceTime or personal hotspot straightened out.

As for this patch.. not holding my breath it will be the last one.
Score: 10 Votes (Like | Disagree)
ned1 Avatar
ned1
16 months ago
I raised this issue on Apple Community yesterday after reading articles on both the BBC and Guardian web sites.

within 20minutes I received an email from apple stating .....We removed your post "iOS 13.4.1 mail vulnerability" because it was speculative.
Score: 9 Votes (Like | Disagree)
gnasher729 Avatar
gnasher729
16 months ago

I'm pretty sure Apple will have prioritised some irrelevant pleasantry like Memoji barf physics in iOS 14 than getting Mail, FaceTime or personal hotspot straightened out.
What makes you think the same people would work on these things? There's one graphics designer who creates new emojis who is very good and drawing emojis but doesn't have the slightest clue how to fix bugs in Mail.
Score: 9 Votes (Like | Disagree)
otternonsense Avatar
otternonsense
16 months ago

Yeah, it's good we actually receive patches and updates, no?
Of course it's good. The amount of patches we are receiving though, addressing issues evidenced by third parties and made public, doesn't inspire a lot of trust in Apple's own iOS and macOS QA for proactive bug fixing. At least they're pushing those patches relatively fast.
Score: 8 Votes (Like | Disagree)
MandiMac Avatar
MandiMac
16 months ago

Of course it's good. The amount of patches we are receiving though, addressing issues evidenced by third parties and made public, doesn't inspire a lot of trust in Apple's own iOS and macOS QA for proactive bug fixing. At least they're pushing those patches relatively fast.
I‘d rather nitpick about the amount of patches we are receiving than having security problems without a patch in sight. It‘s the lesser evil, really.
Score: 8 Votes (Like | Disagree)
Read All Comments

Top Stories

AirPods Pro Beta Firmware

AirPods Pro Beta Firmware Now Available

Wednesday July 21, 2021 6:50 am PDT by
Upcoming AirPods Pro firmware updates are now available to Apple Developer Program members as beta versions. AirPods Pro firmware beta one features FaceTime Spatial Audio and Ambient Noise Reduction. Custom Transparency mode, including Conversation Boost, was initially expected to be included in the beta but appears to have been delayed for a later version. Apple made the announcement...
Read Full Article42 comments
maxresdefault

Apple Music to Livestream Premiere of Kanye West's New Album 'Donda' on Thursday

Wednesday July 21, 2021 1:49 am PDT by
Apple Music on Thursday will host a global livestream for the premiere of Kanye West's tenth studio album, titled "Donda." The sold-out event will take place at the Mercedes-Benz Stadium in Atlanta, Georgia, and Apple Music's livestream will start at 8:00 p.m. Eastern Time. The livestream was revealed in a Beats Studio Buds ad that aired during the NBA Finals. The ad features U.S. track...
Read Full Article91 comments
General Apps Messages

All Three Major U.S. Carriers and Google Adopt Rich Communication Services, But No Sign of Apple Interest

Tuesday July 20, 2021 1:15 pm PDT by
For the last several years, Google has been pushing a new communications protocol called Rich Communication Services, or RCS. RCS is designed to replace SMS, the current text message standard, and it offers support for higher resolution photos and videos, audio messages, bigger file sizes, better encryption, improved group chat, and more. Verizon today announced that it is planning to adopt...
Read Full Article223 comments
ios wifi settings

Apple Confirms iOS 14.7 Fixes WiFi Bug and Many Other Vulnerabilities

Wednesday July 21, 2021 11:38 am PDT by
Following the release of iPadOS 14.7 this morning, Apple has shared details on the security updates that are included in iOS 14.7, iPadOS 14.7, macOS Big Sur 11.5, watchOS 7.6, and tvOS 14.7, all of which came out this week. Notably, Apple's documentation confirms that the iOS 14.7 and iPadOS 14.7 updates address a WiFi-related vulnerability that could impact iOS devices when joining a...
Read Full Article51 comments
macOS Malware Feature

Common Windows Malware Can Now Infect Macs

Wednesday July 21, 2021 8:13 am PDT by
A common form of malware on Windows systems has been modified into a new strain called "XLoader" that can also target macOS (via Bleeping Computer). Derived from the Formbook info-stealer for Windows, XLoader is a form of cross-platform malware advertised as a botnet with no dependencies. It is used to steal login credentials, capture screenshots, log keystrokes, and execute malicious files. ...
Read Full Article115 comments
macOS Big Sur Feature Orange

Apple Releases macOS Big Sur 11.5 With Podcast App Updates and Bug Fixes

Wednesday July 21, 2021 10:15 am PDT by
Apple today released macOS Big Sur 11.5, the fifth major update to the macOS Big Sur operating system that launched in November 2020. macOS Big Sur 11.5 comes two months after the release of macOS Big Sur 11.4. The new ‌‌‌‌‌macOS Big Sur‌‌‌‌ 11.5 update can be downloaded for free on all eligible Macs using the Software Update section of System Preferences. macOS Big Sur...
Read Full Article68 comments
idos 2 app ios

Apple to Pull 'iDOS 2' DOS Emulator From App Store

Thursday July 22, 2021 3:22 pm PDT by
iDOS 2, an app designed to allow users to play classic DOS games, will soon be pulled from the App Store, the app's creator said today. According to iDOS developer Chaoji Li, he tried to submit an iDOS update with bug fixes to the App Store, but was told that the update was rejected because it violated the 2.5.2 App Store guideline that says apps cannot install or launch executable code.Durin...
Read Full Article240 comments
airpods 3 gizmochina Feature

AirPods 3 Rumored to Launch Alongside iPhone 13 at Expected September Event

Friday July 23, 2021 12:54 am PDT by
The third-generation AirPods will likely launch at the same event revealing Apple's upcoming iPhone 13 lineup, according to a report from DigiTimes, which makes the claim citing sources familiar with the matter. The report as a whole echoes previous reporting that production of the third-generation AirPods will kickstart in August, meaning a launch shortly after can be easily expected. DigiTi...
Read Full Article17 comments
iPad mini pro feature

Next-Generation iPad Mini Will Reportedly Feature a Mini-LED Display

Thursday July 22, 2021 9:03 am PDT by
Apple is widely rumored to be planning a new iPad mini with a significant redesign, including a larger 8.5-inch to 9-inch display with slimmer bezels, a Touch ID power button instead of a home button, a USB-C port instead of a Lightning connector, and more. According to a paywalled preview of a DigiTimes report today, the sixth-generation iPad mini will also feature a mini-LED display:BLU...
Read Full Article99 comments
airpods 3 gizmochina Feature teal

AirPods 3 Mass Production Said to Kick Off in August

Tuesday July 20, 2021 8:40 pm PDT by
Mass production of the third-generation AirPods will kick off in August, according to a new report from Nikkei Asia. They will reportedly join a number of other products such as the iPhone 13 lineup and redesigned MacBook Pro models as launches coming before the end of the year. Renderings of rumored third-generation AirPods design Rumored launch dates for the third-generation AirPods have...
Read Full Article49 comments