Tech giant Apple is yet to roll out a security patch for a newly discovered iPhone vulnerability. As per security researchers, this flaw has already been exploited by hackers to steal data from unsuspecting victims. The news spread after Zuk Avraham from security firm ZecOps said that the company had discovered a new bug last year during a routine investigation. Further, he said that the bug was used to attack at least six organizations since as early as 2018. Also Read - Apple iPhone SE Plus launch pushed back, iPhone 12 experiencing mass production delays
According to Avraham, the bug lies in the iPhone’s default Mail application. If an attacker were to send a certain specially crafted email to the victim’s device, he could overrun the device’s memory, which could allow remote execution of malicious code. Further, this could be used to steal data from the device. Also Read - Apple Music expands to 52 new countries, offering 6 month free trial
Watch: Top 5 Instagram tips and tricks
The bug has apparently been present since iOS 6, which was first released in 2012. Further, the latest iOS 13 is the worst affected version. This is because, on the latest versions of iOS 13, the bug doesn’t even need interaction by the victim. However, macOS, Apple’s operating system for its computers, is not vulnerable, confirmed Avraham. Also Read - Apple iPad Pro with mini-LED display and 5G pushed back to 2021 due to supply constraints
Apple offers a statement on the bug
“Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance,” an Apple spokesperson said in a statement.
Similar security flaws in iPhones have proven to be some of the biggest and even most paying bugs. The Cupertino-based company will often pay up to $50,000 to anyone who can spot similar bugs, as part of a bug-bounty program. Such exploits are often used against targets, being implemented by criminals and terrorists in highly precise operations. However, as per a report by TechCrunch, exploits like these are also used by some governments to target certain ethnic groups.
Avraham further added in his blog post that the attacks that made use of the bug included victims in a Fortune 500 company and a journalist in Europe. While attackers were not named, Avraham suggested that a nation-state was one of the attackers. Apple is expected to soon launch a stable update with the flaw taken care of. Apparently, it has already been fixed in a beta update.