Researchers Disclose Multiple Zero-Day Flaws in iOS Mail App Exploited in the Wild

Earlier this week, researchers at ZecOps published a blog post detailing their discovery of multiple zero-day vulnerabilities in Apple iOS Mail application. These vulnerabilities were discovered as part of a digital forensics and incident response investigation. Based on their analysis, they found that these vulnerabilities had been exploited in the wild as early as January 2018 and have been in place since iOS 6, which was released in September 2012. 

Most worrisome about these vulnerabilities is the fact that one of the flaws could be exploited without user interaction (known as ‘zero-click’) for users of iOS 13. Users of iOS 12 would need to interact with (click on) an email in order for the vulnerability to be exploited.

For more details about the vulnerabilities, including the availability of patches, please visit our blog.