Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iPhone Apple Mail: A critical iPhone and iPad bug that lurked for 8 years may be under active attack

P

pshufd

macrumors G4
Original poster
Oct 24, 2013
10,266
14,622
New Hampshire
I disabled email on my iPhone and iPad this morning and sent email (ironic) to my family to do the same thing. I have my backup iPhone 6 to do as well but that's normally left off. I will read email on my macs for now. I hope there's a patch today.

arstechnica.com

A critical iPhone and iPad bug that lurked for 8 years may be under active attack

Malicious emails require little or no interaction; exploits active since at least 2018.
arstechnica.com arstechnica.com

A critical bug that has lurked in iPhones and iPads for eight years appears to be under active attack by sophisticated hackers to hack the devices of high-profile targets, a security firm reported on Wednesday.

The exploit is triggered by sending booby-trapped emails that, in some cases, require no interaction at all and, in other cases, require only that a user open the message, researchers from ZecOps said in a post. The malicious emails allow attackers to run code in the context of the default mail apps, which make it possible to read, modify, or delete messages. The researchers suspect the attackers are combining the zero-day with a separate exploit that gives full control over the device. The vulnerability dates back to iOS 6 released in 2012. Attackers have been exploiting the bug since 2018 and possibly earlier.
 
Last edited:
Another article (there are lots of them out there).

9to5mac.com

Report: iPhone Mail app zero-day exploits found in the wild, Apple has fix coming in next public iOS release - 9to5Mac

A new potentially serious software vulnerability has been discovered in iOS 13 that works via the default Mail app on...
9to5mac.com 9to5mac.com

It looks like Apple is putting out the fix in the next scheduled update so no emergency patch.

I've turned off my email accounts on iOS devices and am only using my MacBook Pros for email. It is a pain in the neck as I can't really get email when I am mobile but I'm not mobile very much with the pandemic. I could switch to gmail but I don't want to go through the hassle now.
 
I upgraded to 13.4.5 beta 2 to be safe from this bug. So far I haven't noticed any other issues. Might be a worthwhile workaround for you.
 
zorinlynx said:
I upgraded to 13.4.5 beta 2 to be safe from this bug. So far I haven't noticed any other issues. Might be a worthwhile workaround for you.
Click to expand...

I feel safer just not using it. It's not a problem as I'm home most of the time. If we weren't in lockdown mode, I'd probably use GMail for now. I really wish that Thunderbird had an iOS App.
 
  • Like
Reactions: Wolfpup
The way I see it if it's been around for 8 years and we're only talking about it now due to a company releasing the information I'm not concerned. Apple will patch it in the next update but if you're worried then you have to do what you think is best in situation
 
What I've heard is that it has been used for targeted attacks so far which usually means state actors. No mass attacks at this point. I would rather be safe than sorry, particularly when it's only a minor inconvenience.
 
I’m shocked Apple hasn’t fixed this within a day or two...it’s been weeks, which I might expect from some fly by night but is nuts for an Apple/Microsoft/Google. You fix zero days ASAP.

I shut off all my email accounts for Mail, and am using Outlook and Gmail apps, which the company that found this recommended doing.

with how irresponsible Apple is being with this I might just stop using Mail all together. EVERYTHING has security flaws, the issue is just responsibly disclosing and quickly patching, and normally I expect the big 3 to fix things fast...
 
Wolfpup said:
I’m shocked Apple hasn’t fixed this within a day or two...it’s been weeks, which I might expect from some fly by night but is nuts for an Apple/Microsoft/Google. You fix zero days ASAP.
Click to expand...
Apple’s handling of problems with its Mail app in iOS 13 has been so incompetent to the point I’d assume they were trolling their users. They took something that was working perfectly fine for most people in iOS 12 and turned it into a giant turd for reasons I don’t understand.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back