I’m glad tha I don’t do a whole lot of opening of mail on my phone. There has been reports of two zero days that can be leveraged by actors to take control of devices. While this may be no surprise to some, I’m surprised that it was able to stay quiet for so long.
The security industry has been poking holes in IOS for awhile now, and something like this going un-noticed may be surprising to some, but not for others.
A zero-day vulnerability in Apple’s Mail application for iOS has been used to target high-profile victims around the world for more than two years, according to ZecOps research published Wednesday.
The flaw, which ZecOps uncovered through conducting a routine digital forensics and incident response investigation, is triggered by sending emails that consume a “significant amount” of a device’s memory. From there, hackers could gain access to email accounts via Mail, gaining the ability to leak, modify, or delete emails.
If the attackers want to cause additional harm and gain further access to victim devices, it “would require an additional infoleak bug [and] a kernel bug afterwards,” the researchers write in a blog that details their findings.
ZecOps assesses with “high confidence” that individuals at a U.S. company in the Fortune 500, managed security service providers from Saudi Arabia and Israel, an executive in Japan, a journalist in Europe, and a high-profile individual from Germany were among the accounts targeted via the vulnerabilities.
So far from what I remember of the article, we have not been targeted in the states, but don’t let that stop these actors. It wouldn’t surprise me one bit if they did, but it just hasn’t been reported to anyone.
Have you seen this and what do you think? Sound off!
Article: Hackers have been exploiting two zero-days to break into iPhones and iPads is the article, feel free to check it out!
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.