Apple Patches its iOS Zero-Days Abused for Years

 

As per the new report 2 Apple iOS zero-day security vulnerabilities affecting its Mail app on its iPads and iPhones. Impacted from this are  OS 13.4.1 and iOS 6 users. Apple patched both bugs in iOS 13.4.5 beta, released on April 2020 last week. A final release of iOS 13.4.5 is expected to be launching soon.

Both threats are believed to have been actively exploited by an “advanced threat operator” since 2018, as per the new reports that publicly disclosed the bugs in a research report published on 22 April 2020 this week.

Both bugs are remotely used by attackers who simply send an email to victims’ default iOS email app on their iPad and iPhone this would allow hackers to crash and reset the iPad or iPhone and get access to user data by using a kernel exploit.

Also, this flaw is zero-click on the user’s Apple devices running iOS 13, which means that the user doesn’t need to open the actual email in order to get hacked – it might be received in the background and starts to create chaos.

A San Francisco-based private security company called ZecOps discovered this threat at the time of an investigation of a cyber attack against its clients, and that client is a Fortune 500 North American company. also, the new report states that this flaw was exploited before targeting high-profile business users, although this hasn’t been verified.

Apple has officially admitted that the flaw exists and that they are working to fix it. Apple also had included a  new patch in its iOS 13.4.5 beta, that is not yet released in its devices.

Leave a Reply

Your email address will not be published. Required fields are marked *