Geeks for your information
Apple Patches Two iOS Zero-Days Abused for Years




Apple Patches Two iOS Zero-Days Abused for Years - silversurfer - 23 April 20

Quote: Researchers are reporting two Apple iOS zero-day security vulnerabilities affecting its Mail app on iPhones and iPads. Impacted are iOS 6 and iOS 13.4.1. Apple patched both vulnerabilities in iOS 13.4.5 beta, released last week.
A final release of iOS 13.4.5 is expected soon.
 
Both vulnerabilities are believed to have been actively exploited by an “advanced threat operator” since 2018, according to researchers at ZecOps that publicly disclosed the bugs in a research report published Wednesday.

Both bugs are remotely exploitable by attackers who simply send an email to victims’ default iOS Mail application on their iPhone or iPad.
 
“The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS 13,” wrote researchers.
 
According to ZecOps, the vulnerability allows hackers to remotely access data from targeted iPhones running the most recent iOS version. They add, the flaw can also give adversaries access to messages associated with Apple’s default Mail app.

Read more: https://threatpost.com/apple-patches-two-ios-zero-days-abused-for-years/155042/


RE: Apple Patches Two iOS Zero-Days Abused for Years - silversurfer - 24 April 20

UPDATE: Apple Pushes Back Against Zero-Day Exploit Claims
Quote: Apple has pushed back against claims that two zero-day bugs in its iPhone iOS have been exploited for years, saying it’s found no evidence to support such activity.
 
Apple officials made the statement in response to a widely disseminated report published Wednesday by ZecOps, which claimed that two Apple iOS zero-day security vulnerabilities affecting its Mail app on iPhones and iPads already had been exploited in the wild since 2018 by an “advanced threat operator.”
 
“Both vulnerabilities exist at least since iOS 6 – (issue date: September 2012) – when iPhone 5 was released,” ZecOps said in its report.

However, Apple said in a statement to Bloomberg’s Apple correspondent Mark Gurman that he posted on Twitter that this is just not true.
“We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users,” the company said in the statement.

Read more: https://threatpost.com/apple-pushes-back-against-zero-day-exploit-claims/155108/