A serious flaw in the iOS Mail app lets hackers read your emails. Disable it immediately


Apple has long been regarded as highly secure, but a vulnerability has existed in the iOS Mail app for the past 10 years. It was reported by ZecOps, a San Francisco-based firm, which says the iOS Mail app has a zero-click vulnerability, meaning a device can be infected without any user interaction. The flaws are not only zero-days, they are also zero-click.

The vulnerability is considered serious and is still in the wild, though ZecOps says Apple’s new beta version comes with a patch for the issue.

Security is one of the main reasons people choose Apple products, and the company has long maintained strict policies for safeguarding its users’ communication and data. ZecOps, a cybersecurity firm, now claims to have found a critical vulnerability in the iOS Mail app. The WSJ also reported the issue.


Unlike other vulnerabilities that at least require a user to open an email, the zero-click attack requires no user interaction at all. The company says the iOS Mail app can be breached with a buffer overflow technique, in which crafted input sent to the Mail app fills a block of the app’s memory beyond its capacity.

The attack starts with a crafted email sent by an attacker to the target, and the user doesn’t need to interact with it for the device to be infected. ZecOps says the vulnerability exists in iOS versions 6 through the latest version, 13.

It further stresses that versions 12 and 13 are more prone to simple attacks, as merely receiving a malicious email will infect the device. With that access, a hacker can read and write emails and try to impersonate you too.

Previously, a malware attack would need the user to open the email and click a link or open an attachment to download the malware, so a compromise that only requires receiving an email is serious.

ZecOps further claims the vulnerability has been in the wild for a decade and that a few exploits have occurred. While it did not reveal a list of victims, it hints that journalists and VIPs from various countries were among them.

ZecOps says it reported the issue to Apple last month, and that the company’s latest update, version 13.4.5, includes a patch for the issue in the iOS Mail app. Because this update is still in the beta phase, only developers can access it for now. Until the official rollout, ZecOps recommends that users disable the Mail app and temporarily use alternatives such as Outlook or Gmail.

iOS Mail App Vulnerability Key Details:

  • The vulnerability allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume a significant amount of memory
  • The vulnerability does not necessarily require a large email – a regular email which is able to consume enough RAM would be sufficient. There are many ways to achieve such resource exhaustion including RTF, multi-part, and other methods
  • Both vulnerabilities were triggered in-the-wild
  • The vulnerability can be triggered before the entire email is downloaded, hence the email content won’t necessarily remain on the device
  • We are not dismissing the possibility that attackers may have deleted remaining emails following a successful attack
  • Vulnerability trigger on iOS 13: Unassisted (/zero-click) attacks on iOS 13 when Mail application is opened in the background
  • Vulnerability trigger on iOS 12: The attack requires a click on the email. The attack will be triggered before rendering the content. The user won’t notice anything anomalous in the email itself
  • Unassisted attacks on iOS 12 can be triggered (aka zero click) if the attacker controls the mail server
  • The vulnerabilities exist at least since iOS 6 – (issue date: September 2012) – when iPhone 5 was released
  • The earliest triggers we have observed in the wild were on iOS 11.2.2 in January 2018
