ZecOps, a San Francisco-based mobile security forensics company, has discovered a pair of zero-day vulnerabilities in the Mail app on iPhone, iPads that hackers are abusing in the wild, at least, from the last two years to target individuals from various industries and organizations.
In a report published on Wednesday, ZecOps said it found evidence that both the vulnerabilities have been actively exploited by an “advanced threat operator” since 2018.
According to the researchers, both the vulnerabilities can be remotely exploited by the attackers by simply sending an email to victims’ default iOS Mail application on their iPhone or iPad.
Both flaws mainly affect the latest iPhone software, iOS 13.4.1, though ZecOps says the vulnerability has existed since at least iOS 6, which was released in September 2012.
“The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS 13,” wrote researchers.
Also Read- iPhone’s Fingerprint Lock Can Be Bypassed Using 3D Printed Fingerprint
When the user attempted to open the email message it would crash the iPhone allowing hackers to gain entry into the device giving them access to confidential information. In some versions of iOS, the hack can be triggered when the Mail app automatically downloads a message’s data, without the recipient having to click on anything for their devices to be infected.
The bugs in question are remote code execution flaws that reside in the MIME library of Apple’s mail app.