How iPhone bug may allow hackers to access users’ data
Experts say cybercriminals could have been exploiting flaw in in-built email app since 2018
A security flaw in Apple’s mobile operating system allows hackers to install software on iPhones without getting the victim to download an attachment or click on any links, according to new research.
Cybersecurity experts say hackers may have been exploiting the as-yet unfixed bug in the iPhone’s Mail app since January 2018, The Times reports.
What are the hackers doing?
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
Typically, “an attack on a phone requires a user to download the malware”, usually by clicking on a link in a message or on an attachment sent by the hackers, explains The Times.
“Yet in this case, hackers send a blank email to the user. When the email is opened, a bug is triggered that causes the Mail app to crash, forcing the user to reboot it,” says the newspaper.
During the reboot, hackers can reportedly access information on the device, and remotely modify or delete emails.
How was it discovered?
The bug was discovered by San Francisco-based cybersecurity firm ZecOps, after researchers found suspicious lines of code on iPhones belonging to a client, The Washington Post reports.
Zuk Avraham, the company’s chief executive, told the newspaper that following months of investigations, his team realised that the code was connected to a previously unknown flaw in Apple’s email app.
ZecOps alerted Apple in March about the issue, he said.
Apple has since confirmed that a fix will be included in upcoming software updates, Reuters reports.
In a statement, the California-based tech giant said: “We have thoroughly investigated the researcher’s report, and based on the information provided, have concluded these issues do not pose an immediate risk to our users.
“The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.”
–––––––––––––––––––––––––––––––For a round-up of the most important stories from around the world - and a concise, refreshing and balanced take on the week’s news agenda - try The Week magazine. Start your trial subscription today –––––––––––––––––––––––––––––––
Could your iPhone have been hacked?
In a blog post explaining the research findings, ZecOps said that the firm’s experts had “high confidence” that the flaws may have been used in attacks conducted by “an advanced threat operator”.
However, most users probably have nothing to worry about.
The company added that “it had found evidence that the bug was used to attack well-known targets including individuals from a Fortune 500 company in North America, an executive from a mobile carrier in Japan, employees of technology companies in Saudi Arabia and Israel, a European journalist and an individual in Germany”, the BBC reports.
ZecOps did not disclose the identities of these alleged victims.
Create an account with the same email registered to your subscription to unlock access.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
Why is Tesla stumbling?
In the Spotlight More competition, confusion about the future and a giant pay package for Elon Musk
By Joel Mathis, The Week US Published
-
How Taylor Swift changed copyright negotiations in music
under the radar The success of Taylor's Version rerecordings has put new pressure on record labels
By Theara Coleman, The Week US Published
-
Job scams are increasingly common. Here's what to look out for.
The Explainer You should never pay for an application or give out your personal info before being hired
By Becca Stanek, The Week US Published
-
Justice Department bites Apple with iPhone suit
Speed Read The lawsuit alleges that the tech company monopolized the smartphone industry
By Rafi Schwartz, The Week US Published
-
Apple kills its secret electric car project
Speed Read Many of the people from Project Titan are being reassigned to work on generative AI
By Peter Weber, The Week US Published
-
The pros and cons of virtual reality
Pros and cons The digital world is expanding, for better and for worse
By Devika Rao, The Week US Published
-
The Apple Vision Pro's dystopian debut
Why everyone's talking about Is "spatial computing" the next big thing?
By Theara Coleman, The Week US Published
-
Why Apple's carbon-neutral claims may be misleading
Speed Read The company isn't disclosing all the information, a new report alleges
By Devika Rao Published
-
The advent of the AI iPhone: does new tech show promise or peril?
Talking Point Apple design guru Jony Ive and OpenAI founder Sam Altman believed to be in talks to create new device
By The Week Staff Published
-
China steals the spotlight at Apple's iPhone 15 launch
How will a directive from the Chinese government affect the tech giant?
By The Week Staff Published
-
Why is a tiny change to the iPhone's charger such a big deal?
Today's Big Question A change to comply with EU regulations could have global ramifications
By Justin Klawans Published