Yesterday, news broke that security flaws in Apple Mail for iOS were discovered, amid claims that they could have been present for years.
Apple has since responded, revealing that it “found no evidence they were used against customers”, adding that “these potential issues will be addressed in a software update soon”.
The flaws were found and highlighted by Security research firm ZecOps. It published a report revealing a vulnerability that could affect iPhone and iPad users which seemed to have existed since 2012. It claimed that Apple Mail for iOS 6 (released with the iPhone 5) exhibited the same security flaw as recently found in iOS 13.
Apple’s subsequent statement attempts to set users’ minds at ease, however: “Apple takes all reports of security threats seriously”, it said.
“We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users.
“The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.
“These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance.”
ZecOps claimed that the “zero-click” vulnerability potentially enabled an attacker to access personal data without the user’s knowledge, by sending a single or series of emails that consume a significant amount of the phone or tablet’s RAM.
“The vulnerability can be triggered before the entire email is downloaded, hence the email content won’t necessarily remain on the device,” the company wrote in its report. It apparently found the security flaw after several iPhone users reported unusual device failures.
“To mitigate these issues – you can use the latest iOS beta available. If using a beta version is not possible, consider disabling the Mail application and use Outlook or Gmail that are not vulnerable,” it added.