What you need to know
- A cybersecurity firm found a Mail app exploit that Apple confirms.
- Apple says the exploit doesn't bypass security protections.
- The issues will be fixed in a software update soon.
An earlier report from cybersecurity firm ZecOps claims to have found a zero-day exploit in Apple's built-in Mail app for iPhone and iPad. There were two of them, actually. ZecOps claim that one is a remote zero-click exploit, meaning that anyone on the internet could be targeted and infected without knowing about it, while the other could send an email to the Mail app and allow a hacker to execute code on the device. It sounds scary, I know.
Today, Apple issued a response, as shared by Apple analyst Rene Ritchie that it investigated the claims and found that though an exploit does exist, it's not as dangerous as ZecOps makes it out to be.
Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher's report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance.
https://twitter.com/reneritchie/status/1253517061944422410?s=20
