It seems like we’re always reporting on security leaks and flaws these days and we hate to become predictable, but it seems that another major online security flaw has been exposed, this time in Apple’s native email app for iPhone and iPad devices. The flaw was found by ZecOps, a cybersecurity company which researches attacks so it can learn how to defend against them.
In essence, the flaw allows hackers to overwhelm the email app by sending large emails which use up enormous amounts of RAM capacity, which in turn lets them run what are called 'remote zero-click' attacks, which are virus infections that occur without the victim ever clicking on anything. So, in this case, simply having your email app running in the background would be enough for the attack to take place. You wouldn’t even need to open the offending email to be infected.
It’s a lot more complicated than that and I turned into Russell Crowe in A Beautiful Mind trying to make sense of it all, but the gist of it is that your iPhone could be infected with a virus even if you didn’t click a single thing, which is terrifying. If you’d like to get into the nitty gritty of the vulnerability, you can read the full ZecOps report.
Bad timing for Apple
ZecOps alerted Apple to the vulnerability once it had finished its investigation and the Apple product security team has since delivered a beta patch which blocks to issue going forwards. With the recent launch of the new iPad Pro and the second-generation iPhone SE, Apple will be looking to avoid any controversies that would damage its products reputation with customers, so it’s good to see that this issue has been swiftly resolved, but it serves as a stark warning that we must be constantly vigilant for new threats online.
If you’re looking to keep your devices safe from malicious software, you should consider getting one of the best antivirus or best internet security software, both of which can now be installed on smartphones and tablets, as well as traditional laptops and home computers.