Apple Inc. is planning to fix a recently found vulnerability in its iOS devices that could allow hackers to remotely infect any iPhone or iPad running iOS v13.4.1 or below.
The vulnerability, a heap overflow, is currently present in the default Mail application of iOS.
According to a report published by cybersecurity firm ZecOps, hackers have been exploiting this heap overflow vulnerability since January 2018.
An attacker can exploit the vulnerability simply by sending a regular email (using multi-part / RTF, etc.) that consumes a significant amount of RAM on an iOS device (iPhone/iPad).
Researchers at ZecOps dubbed this a “zero-click attack” because it doesn’t require any user interaction with Apple’s default Mail application.
“The vulnerability can be triggered before the entire email is downloaded, hence the email content won’t remain on the device,” says the ZecOps report.
“Successful exploitation of this vulnerability would allow the attacker to leak, modify, and delete emails. Additional kernel vulnerability would provide full device access.”
During the research, the company found that this vulnerability is being exploited in the wild in targeted attacks on the following:
- Individuals from a Fortune 500 organization in North America
- An executive from a carrier in Japan
- A VIP from Germany
- MSSPs from Saudi Arabia and Israel
- A journalist in Europe
- Suspected: An executive from a Swiss enterprise
“We believe that these attacks are correlative with at least one nation-state threat operator or a nation-state that purchased the exploit from a third-party researcher in a Proof-of-concept (POC) grade and used ‘as-is’ or with minor modifications,” researchers at ZecOps said.
The ZecOps team provided a detailed technical write-up and steps to reproduce the exploit.
“The vulnerabilities exist at least since iOS 6 – (issue date: September 2012) – when iPhone 5 was released,” the report further states.
What you can do to mitigate the vulnerability:
- The newly released beta update of 13.4.5 contains a patch for these vulnerabilities.
- If you cannot patch to the 13.4.5 beta version, avoid using the Apple Mail application until the next patch is released, or
- Use Outlook or Gmail instead.