Commenting on the vulnerabilities that are said to target Apple’s mail application, the company argued that there is no evidence that this vulnerability has been used by hackers. Apple suggested that these two vulnerabilities would not be enough to compromise the iPhone and iPad.
According to the analysis by security firm ZecOps, two major vulnerabilities have been identified targeting iPhone Mail on Apple’s iOS operating systems. It has been stated that hackers who have been using these vulnerabilities for eight years can fully take over your iPhone or iPad. Going further, ZecOps believed that there was sufficient evidence that these vulnerabilities have been exploited by hackers over the past two years.
Making a statement on the issue, Apple admitted that there were vulnerabilities, but argued that their effects were not as great as they were announced. Deniing allegations that hackers exploit users using these vulnerabilities, the company said that combining these two vulnerabilities would not be enough to compromise iPhone and iPad.
Apple’s explanation was not sufficient
Analyzing the ZecOps report, Apple announced that they were conducting an investigation on the issue and found that it was not possible to capture an iPhone or iPad using the mentioned vulnerabilities. The company points to vulnerabilities in the iOS 13.4.5 update, suggesting that there is at least some urgency to solve the problem.
Indeed, the vulnerabilities alone may not be enough to completely take over the iPhone or iPad, but this does not say anything about the possibility of hackers to carry out more complex attacks using these vulnerabilities. Considering that these vulnerabilities exist in every version of iOS released since iOS 6, it may be possible to use these vulnerabilities together with an error in the system kernel and take over the device.
According to ZecOps, the vulnerability is aimed at Apple’s mail application. The firm says that this deficit was bought from third-party people and used by a nation-state for monitoring.
Apple had made such reactions before. While the tone of the final statement was a bit softer, Apple previously accused Google’s Project Zero of spreading groundless fears about devices using a different iPhone vulnerability.