Apple: Leak in iOS mail client poses no immediate threat and update coming soon
The leak discovered last week in iOS that gives access to the mail client does not pose a direct threat to users, according to Apple. The company has no indications that the problem has been abused in practice.
Apple has provided a statement about the vulnerability published Wednesday to Bloomberg. It states that the investigation of the security company has been analyzed and that the conclusion is that there is no direct risk to users. “The researcher has found three problems with Mail, but on their own they are not enough to circumvent the security of iPhones and iPads,” Apple claims. The company adds that it has found no evidence that the vulnerabilities were used against users for abuse. The fix promised on Wednesday will come ‘soon’, Apple further reports.
Security firm ZecOps published on Wednesday about a vulnerability in iOS that allows access to users’ mail client via a specially crafted email. The company is said to have informed Apple in February. ZecOps did report at the time that the leak was used for attacks on top executives of companies, among others. Targeted attacks would not need to open the mail for the success of targeted attacks and they would not notice an attack either, only the mail client would function a bit slower. Apple has not yet announced when the fix will be released. This is already in the beta of iOS 13.4.5.