- Hackers may have discovered a way to infiltrate iPhones using Apple’s email software, according to cybersecurity firm ZecOps.
- The flaw allows attackers to send a message containing malicious software that doesn’t need to be clicked on in order to infect a device, the researchers found.
- The vulnerability specifically affects those who use Apple’s Mail app.
- An Apple spokesperson told Business Insider that the company hasn’t found evidence that the flaw was used against customers. It will be addressed in an upcoming software update.
- This flaw is the latest in a string of Apple security issues that have been discovered in the last year.
- Visit Business Insider’s homepage for more stories.
Hackers may have figured out a way to attack iPhones using a malicious message sent through Apple’s email software.
According to ZecOps researchers, the security vulnerability is particularly sophisticated because it doesn’t require users to click on anything in order for their devices to be infected. The attackers send emails that install malicious software once Apple’s email reader begins downloading the message – the user doesn’t even need to open the message at all.
The issue was particularly difficult to detect because the malicious code was contained in the email sent by the attackers, and the emails were either deleted by the user or by the attackers themselves, according to the Journal.
The vulnerability specifically affects those who use Apple’s Mail app. It primarily affects the latest iPhone software, iOS 13, though ZecOps says the vulnerability has existed since at least iOS 6, which was released in 2012.
ZecOps was able to identify multiple targets in the attacks, including employees at a Japanese telecommunications firm, a North American company, and tech companies in Saudi Arabia and Israel, according to the Journal.
An Apple spokesperson told Business Insider that the company has concluded the issues don’t pose an “immediate risk,” and the company hasn’t found evidence that they were used against customers. Apple said the bug will be addressed in an upcoming software update.
While Apple has historically been the gold-standard in cybersecurity, this security flaw is the latest in a string of Apple security issues that have been discovered in the last year. Last spring, hackers used a vulnerability in the messaging app WhatsApp to install malware on iPhones and other smartphones. And in August, Google researchers discovered that an iPhone hack may have targeted Uighur Muslims in China. In both situations, Apple patched the issues before they were made public.
Apple has experienced other software flaws in recent months. Last July, Apple had to temporarily shut down its Apple Watch Walkie Talkie app after discovering a bug that could allow someone to eavesdrop on someone else via their iPhone. Apple said at the time there was no evidence anyone had exploited the bug.
And when Apple’s latest software, iOS 13, released last September, researchers discovered a bug that would make it possible for someone to access an iPhone’s contact list without needing to unlock the phone, as well as a flaw that allowed third-party keyboards to unapproved access to your device. A subsequent software update has since fixed the flaws.