A new potentially serious software vulnerability has been discovered in iOS 13 that works via the default Mail app on iPhone and iPad. Security researchers say the iPhone has a severe flaw in the native iOS Mail app that makes it vulnerable to hackers.
Commenting on this Satnam Narang, Principal Research Engineer at Tenable said, “The recent disclosure that multiple zero-days in the Apple iOS Mail application were exploited in the wild is significant and noteworthy. One of the flaws can be exploited without user interaction (also known as zero-click) on iOS 13. The vulnerabilities also affect iOS 12, though interaction is required in most cases.
The exploitation of these flaws would allow an attacker to leak, modify, or delete emails within the Mail application. However, the researchers note that combining these flaws with an unpatched kernel vulnerability would provide an attacker with full device access, though that information has not been identified as of yet.
While Apple has issued fixes for these flaws in the beta version of iOS 13.4.5, devices are still vulnerable until the final version of iOS 13.4.5 is readily available to all iOS device owners. In the interim, the only mitigation for these flaws is to disable any email accounts that are connected to the iOS Mail application, and use an alternative application, such as Microsoft Outlook or Google’s Gmail.”