The team at Binance has notified its crypto exchange users of a new vulnerability affecting the mail applications on Apple devices. The security threat was first made public by the ZecOps Research team on the 20th of April. The vulnerability has been found to have existed since iOS 6 that was first released in September 2012. All versions since then, and up to iOS 13, are affected. The team at ZecOps further explained how it was detected.
Following a routine iOS Digital Forensics and Incident Response (DFIR) investigation, ZecOps found a number of suspicious events that affecting the default Mail application on iOS dating as far back as Jan 2018. ZecOps analyzed these events and discovered an exploitable vulnerability affecting Apple’s iPhones and iPads. ZecOps detected multiple triggers in the wild to this vulnerability on enterprise users, VIPs, and MSSPs, over a prolonged period of time.
What the Vulnerability Means for iOS Users
According to ZecOps, the vulnerability allows a malicious individual to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13). Such access would allow the attacker to leak, modify and delete emails. The team further informed iOS users that they are investigating another related vulnerability.
How to Ensure You are SAFU
- Remove the iOS Mail app after which the user goes to Settings > Password & Accounts. Users are advised to set Fetch New Data to ‘Manual’ and disable ‘Push’.
- Once the iOS mail application is deactivated, users are advised to use dedicated email clients such as Gmail or Outlook. Additionally, they can use web browsers such as Safari or Chrome to access their mail
- An upgrade to the latest iOS 13.4.5 beta is advised by following the steps here.
(Feature image courtesy of Ilya Pavlov on Unsplash.)
Disclaimer: This article is not meant to provide financial advice. Any additional opinion herein is purely the author’s and does not represent the opinion of Ethereum World News or any of its other writers. Please carry out your own research before investing in any of the numerous cryptocurrencies available. Thank you.