With all the bad news we have been hearing lately, 2020 is proving to be a vexatious year, and it seems nothing is going right. Because of the coronavirus, tech events were canceled, and hackers took the chance to create fake maps, send phishing emails, and more.
Now, there’s bad news for Apple users.
iPhones can be hacked. But don’t panic: Apple has patched the vulnerabilities in an upcoming iOS 13 beta and will patch more in the next public release.
In a report published by the cybersecurity firm ZecOps, several vulnerabilities in iOS have been disclosed. One of the two most important is a remote zero-click vulnerability. This type of attack is risky because it can be used against anyone, and the target is infected without ever interacting with the malicious message.
This new email-based iOS exploit has been around since January 2018, and it targets high-profile users of Apple Mail.
ZecOps said the exploitation attempts it discovered were aimed at valuable targets, including:
- Business leaders, corporate security firms and journalists
- People from a Fortune 500 organization in North America
- A VIP from Germany
- Suspected: An executive from a Swiss enterprise
- MSSPs from Saudi Arabia and Israel
You’ve Got (0-click) Mail! Unassisted iOS Attacks via MobileMail/Maild in the Wild via @ZecOps Blog https://t.co/tHbq1ZUuom
— ZecOps (@ZecOps) April 22, 2020
What’s at risk?
Once the vulnerability is successfully exploited, attackers can modify, leak, and delete emails. Beyond that, the vulnerability and the attack have the following characteristics:
- It enables remote code execution: attackers can send a bulky email that consumes a lot of memory, remotely infecting the device
- A regular email that consumes enough RAM can also be used. Resource exhaustion can be achieved with multi-part, RTF, and other methods
- The heap overflow vulnerability has been exploited in the wild
- The exploit can be triggered before the complete email is downloaded. Therefore, the email content cannot be found on the phone
- A user running iOS 13 doesn’t need to do anything; as soon as Apple Mail is accessed, the exploit runs in the background
- On iOS 12 the attack will only work if you click on the email.
With that said, it seems users running iOS 13 are more at risk. But why?
iOS 13 is the latest operating system, with more security features, so how can it be at risk? The answer is simple: the back-end process that handles email is different in iOS 13, and that is what makes it vulnerable. As a result, when the recipient gets a malicious email, an iPhone running iOS 13 can be hacked without any user interaction.
On iOS 12 and earlier, however, the exploit works only if the user opens the mail and interacts with the Apple Mail app.
In both cases, email messages sent by the attackers are remotely removed from the target device.
How does it work?
Hackers send an email that consumes RAM. It can be a regular email or a bulky one. Once enough system memory is consumed, Apple’s Mail program runs out of memory, and this is when attackers get a chance to inject malicious code.
The vulnerability allows remote code to run in the context of MobileMail (iOS 12) or maild (iOS 13).
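An added example, not from ZecOps or the original article: a gateway-side triage heuristic that flags messages with the memory-heavy traits listed above (large size, many or deeply nested MIME parts, RTF content). The thresholds, function names and sample message are assumptions made for illustration, and a flag is a prompt for review, not proof of this exploit.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed thresholds for illustration; tune them against your own mail flow.
MAX_BYTES = 5 * 1024 * 1024   # raw message size
MAX_PARTS = 50                # total MIME parts, containers included
MAX_DEPTH = 5                 # multipart nesting depth
RTF_TYPES = {"text/rtf", "application/rtf"}


def nesting_depth(part, level=0):
    """Return the deepest multipart nesting level at or below `part`."""
    if not part.is_multipart():
        return level
    children = part.get_payload()
    return max((nesting_depth(c, level + 1) for c in children), default=level + 1)


def triage(raw: bytes) -> list:
    """Return the reasons a raw RFC 5322 message deserves a closer look."""
    reasons = []
    if len(raw) > MAX_BYTES:
        reasons.append("oversized")
    msg = message_from_bytes(raw, policy=policy.default)
    parts = list(msg.walk())
    if len(parts) > MAX_PARTS:
        reasons.append("many-parts")
    if nesting_depth(msg) > MAX_DEPTH:
        reasons.append("deep-nesting")
    if any(p.get_content_type() in RTF_TYPES for p in parts):
        reasons.append("rtf")
    return reasons


def build_sample(n_parts: int, rtf: bool = False) -> bytes:
    """Build a constructed test message with n_parts small attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("hello")
    for i in range(n_parts):
        msg.add_attachment(b"x" * 16, maintype="application",
                           subtype="octet-stream", filename=f"a{i}.bin")
    if rtf:
        msg.add_attachment(b"{\\rtf1 sample}", maintype="application",
                           subtype="rtf", filename="note.rtf")
    return msg.as_bytes()
```

Because the article notes that the attackers' messages are removed from the device, a check like this belongs on the mail server or gateway, where the original message is still available.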
Does this mean complete data on the device is at risk?
As discovered, the exploit doesn’t grant full control over the device. To get that, an attacker needs to find an additional iOS kernel vulnerability.
How to stay protected?
Until the patch is released to the public, we recommend that users disable the Apple Mail client. Since Gmail, Outlook, and other mail clients are safe, you can use them instead.
What’s our opinion?
All this makes one thing clear: the debate over whether Apple is doing enough to secure the iPhone will resurface. If the company wants to keep its image as a provider of secure phones intact, it should allow defenders to detect and stop attacks. Security researchers are seeking Apple’s permission to verify apps and take a deeper look into the code. If the company lifts these restrictions and allows them to test the code, Apple might not have to face such a problem in the future.
Since the current attack is targeting high-profile clients, not much harm is being caused. But if no step is taken soon, the company will have to face bitter consequences.
This is what we think. If you think the same or differently, do share your thoughts with us. We are listening.