December 30, 2024 01:17 am (IST)
Follow us:
facebook-white sharing button
twitter-white sharing button
instagram-white sharing button
youtube-white sharing button
India mourns as nation bids farewell to Manmohan Singh with full state honours | Narendra Modi-led Union Cabinet passes 'Condolence Resolution' on passing of ex-PM Manmohan Singh | Space will be allocated for Manmohan Singh's memorial, announces Centre | He was my friend, philosopher, and guide: Sonia Gandhi remembers Manmohan Singh in an emotional post | Vladimir Putin condoles Manmohan Singh's death, calls him 'outstanding statesman' | Congress writes to PM Modi seeking space for building a memorial to Manmohan Singh | Manmohan Singh will be remembered as a kind person, a learned economist, and a leader dedicated to reforms: PM Modi | Russian ambassador to India Denis Alipov grieves Manmohan Singh's demise | Mumbai terror attack shook Manmohan Singh badly, recalls former deputy NSA | I have lost a mentor and guide: Rahul Gandhi writes on Manmohan Singh's demise

Apple iPhone at risk of hacking through email app, claims mobile security firm

| @indiablooms | Apr 23, 2020, at 05:50 pm

New York/IBNS: A flaw in the popular tech giant Apple's mobile operating system might have left several users of iPhone and iPad vulnerable to hackers, a mobile security firm has claimed.

Research published by ZecOps said in its blog post: "Following a routine iOS Digital Forensics and Incident Response (DFIR) investigation, ZecOps found a number of suspicious events that affecting the default Mail application on iOS dating as far back as Jan 2018."

"ZecOps analyzed these events and discovered an exploitable vulnerability affecting Apple’s iPhones and iPads. ZecOps detected multiple triggers in the wild to this vulnerability on enterprise users, VIPs, and MSSPs, over a prolonged period of time," the firm said.

The firm said the attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS 13.

"Based on ZecOps Research and Threat Intelligence, we surmise with high confidence that these vulnerabilities – in particular, the remote heap overflow – are widely exploited in the wild in targeted attacks by an advanced threat operator(s)," ZecOps said.

" Few of the suspicious events even included strings commonly used by hackers (e.g. 414141…4141) – see FAQ. After verifying that it wasn’t a red-team exercise, we validated that these strings were provided by the email-sender," it said.

Giving details, the firm said: "Noteworthy, although the data confirms that the exploit emails were received and processed by victims’ iOS devices, corresponding emails that should have been received and stored on the mail-server were missing. Therefore, we infer that these emails may have been deleted intentionally as part of attack’s operational security cleanup measures."

The company claimed that it believed that the attacks are correlative with at least one nation-state threat operator or a nation-state that purchased the exploit from a third-party researcher in a Proof of Concept (POC) grade and used ‘as-is’ or with minor modifications.

"While ZecOps refrain from attributing these attacks to a specific threat actor, we are aware that at least one ‘hackers-for-hire’ organization is selling exploits using vulnerabilities that leverage email addresses as a main identifier," the firm said.

Support Our Journalism

We cannot do without you.. your contribution supports unbiased journalism

IBNS is not driven by any ism- not wokeism, not racism, not skewed secularism, not hyper right-wing or left liberal ideals, nor by any hardline religious beliefs or hyper nationalism. We want to serve you good old objective news, as they are. We do not judge or preach. We let people decide for themselves. We only try to present factual and well-sourced news.

Support objective journalism for a small contribution.
Related Images
Xi Jinping, Putin in Russia Mar 22, 2023, at 08:26 pm