Geeks for your information News Privacy & Security News v
Apple Patches Two iOS Zero-Days Abused for Years
Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Apple Patches Two iOS Zero-Days Abused for Years
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,067 in 3,839 posts
Thanks Given: 6,263
Joined: 12 September 18
#1
Information  23 April 20, 11:03
Quote:Researchers are reporting two Apple iOS zero-day security vulnerabilities affecting its Mail app on iPhones and iPads. Impacted are iOS 6 and iOS 13.4.1. Apple patched both vulnerabilities in iOS 13.4.5 beta, released last week.
A final release of iOS 13.4.5 is expected soon.
 
Both vulnerabilities are are believed to have been actively exploited by an “advanced threat operator” since 2018, according to researchers at ZecOps that publicly disclosed the bugs in a research report published Wednesday.

Both bugs are remotely exploitable by attackers who simply send an email to victims’ default iOS Mail application on their iPhone or iPad.
 
“The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS 13,” wrote researchers.
 
According ZecOps, the vulnerability allows hackers to remotely access data from targeted iPhones running the most recent iOS version. They add, the flaw can also give adversaries access to messages associated with Apple’s default Mail app.

Read more: https://threatpost.com/apple-patches-two...rs/155042/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,067 in 3,839 posts
Thanks Given: 6,263
Joined: 12 September 18
#2
Information  24 April 20, 12:36
UPDATE: Apple Pushes Back Against Zero-Day Exploit Claims
Quote:Apple has pushed back against claims that two zero-day bugs in its iPhone iOS have been exploited for years, saying it’s found no evidence to support such activity.
 
Apple officials made the statement in response to a widely disseminated report published Wednesday by ZecOps, which claimed that two Apple iOS zero-day security vulnerabilities affecting its Mail app on iPhones and iPads already had been exploited in the wild since 2018 by an “advanced threat operator.”
 
“Both vulnerabilities exist at least since iOS 6 – (issue date: September 2012) – when iPhone 5 was released,” ZecOps said in its report.

However, Apple said in a statement to Bloomberg’s Apple correspondent Mark Gurman that he posted on Twitter that this is just not true.
“We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users,” the company said in the statement.

Read more: https://threatpost.com/apple-pushes-back...ms/155108/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
CrystalDiskInfo 9.3.0
Changes in 9.3.0: ...harlan4096 — 06:59
Microsoft OneDrive on the web is adding ...
Microsoft has anno...harlan4096 — 06:08
Vivaldi Stable 6.7 (3329.21)
Vivaldi Stable 6.7...harlan4096 — 17:09
Mozilla Firefox Browser 125.0.3
Mozilla Firefox Br...harlan4096 — 15:17
ThunderSoft Photo Gallery Creator [for ...
ThunderSoft Photo Ga...ismail — 09:51

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>