Half a billion iPhones and iPads can be hacked via email


The vulnerability that has existed for 2 years in iOS email can be exploited by hackers without the user's knowledge.

Hacking an ordinary digital device is done by luring the victim to download malicious code, such as clicking on a malicious link on a message or website. But the iOS email flaw "helped" hackers install malware silently, victims do not have to manipulate any stage.


Apple recommends iPhone and iPad users not to click strange emails. Photo: Gadgetmatch.

"This bug can cause a large number of iPhone attacks. Fortunately, it is not known by many hackers so the impact is not really widespread," said Zuk Avraham, CEO of security company ZecOps, the unit. Above error detection, said.

The expert explained, first, that the hacker sends a blank email specially designed to gain access to the recipient's device. This email will cause the device to crash and reboot. From there, hackers can access the device remotely.

The attack was also commented to be very sophisticated. ZecOps experts relied on the remaining clues to analyze and concluded that: "We were unable to obtain malicious code for analysis, because emails used to launch the attack on the victim device. was deleted later ".

So far, ZecOps has identified at least six targets that have been hacked through this vulnerability, including an employee of a telecommunications company in Japan, a large company based in North America, a company. technology in Saudi Arabia and Israel, a European journalist and an individual in Germany. But experts declined to state the identity. In the two years of this vulnerability, the number of affected iOS devices could have reached half a billion.

The vulnerability affects iPhone users from iOS 6 (September 2012) - from iPhone 5 and later, to the latest iOS 13.4.1. However, ZecOps researchers admit they have not tested the devices running iOS 5 before, so it is still possible that the error will affect even older versions.

The effects if hacked are not clear. ZecOps said that clicking on an empty email on the Mail, iPhone or iPad app will be unusually slow due to resource downloads. In case of a failed attack, another email is sent with the message "This message contains no content".


Notification sent to the user's phone when the attack failed. Photo: ZecOps.

ZecOps sent a report to Apple and they fixed the security patch in the latest iOS beta. However, the official fix is ​​not yet available for users.

Apple has confirmed the problem and promised to provide "comprehensive patch" next time. US electronics also recommends that users should not open suspicious emails.

According to Gadgetmatch, this is Apple's rare quick response. In the past, companies were often silent and silently patching.

Since its introduction in 2007, Apple has spent millions developing and promoting the iPhone as a secure computing device, as well as offering attractive rewards for those who discover bugs. However, the Wall Street Journal said that the latest incident marked a step back in the security of the iPhone - the device has long been considered the gold standard for data protection in the field of mobile.