Posted On 19 May 2020
A bug in iOS 6, released by Apple in 2012, has suddenly resurfaced and become a target for malicious hackers. The bug effectively allows hackers to send doctored emails that can start invading your system even if you simply open the message without clicking on the link, or in some cases without even doing that. Once in, these emails trigger code that runs through default mail applications, allowing the hackers to read, modify, and/or delete your messages. Experts believe that this historic vulnerability has been exploited by hackers since at least 2016. A number of high profile financial and media targets are known to have been hit; the real number could be far higher, as emails exploiting the vulnerability are not immediately obvious and could very possibly go completely unnoticed.
The bug and its potential for harm were revealed by researchers at Zecops, in contravention of standard procedures in the security community whereby it is usual to alert manufacturers to any vulnerabilities and allow them to bring out patches for them before revealing the problem to the public. However, Zecops stated that the bug was already public knowledge, and the vulnerability was a matter of urgency, given the high-profile targets that have fallen prey to the vulnerability thus far.
Apple has released a fix for this vulnerability in the beta version of the new iOS 13.4.5, but they have yet to announce when they may be releasing a general fix. Therefore, Apple users who want to keep themselves protected have a choice between installing the beta version of the new iOS or switch to a third-party email application such as Gmail, given the malicious emails only work with Apple’s proprietary mail system.