Home Security Apple Downplays Active Exploitation Of iOS Mail Bugs In iPhones, iPads

Apple Downplays Active Exploitation Of iOS Mail Bugs In iPhones, iPads

by ethhack

Researchers have recently caught multiple security bugs in Apple iOS Mail that risk iPhones and iPads. While the researchers believe that the cybercriminals are actively exploiting the bugs, Apple denies any such exploitation. Patch to arrive soon.

Apple iOS Mail Bugs Possibly Under Attack

Reportedly, researchers from ZecOps have found numerous Apple iOS Mail bugs that threaten Apple devices. Stating the details of the vulnerabilities in a post, the researchers hinted towards the exploitation of the bugs in the wild.

For a successful attack, an adversary merely had to send a maliciously crafted email to the target Apple user. The email in the victim’s mailbox would then trigger the bugs in the context of the relevant mail application in the iOS: Mail App on iOS 12 or Maild on iOS 13.

Regarding the vulnerability, the researchers stated,

ZecOps found that the implementation of MFMutableData in the MIME library lacks error checking for system call ftruncate() which leads to the Out-Of-Bounds write. We also found a way to trigger the OOB-Write without waiting for the failure of the system call ftruncate. In addition, we found a heap-overflow that can be triggered remotely.
Both the OOB Write bug, and the Heap-Overflow bug, occurred due to the same problem: not handling the return value of the system calls correctly.

Apple Denies Any Active Exploitation

ZecOps believes that the bugs affecting Apple Mail app date back to 2018. After discovery, they collaborated with Apple to inform them of the bugs for patches. They have confirmed that Apple patched both the vulnerabilities in the iOS 13.4.5 beta, that will shortly roll out for the public.

While Apple fixed the bugs, they have not observed any active exploitation of the bugs. Nor did they consider the bugs an immediate threat to the users, according to their statement below.

ZecOps have also expressed their plans to reveal more details about the bugs after Apple patches them.

Let us know your thoughts in the comments.

The following two tabs change content below.
Avatar
Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Source link

Related Articles

Leave a Comment