Binance Notifies Crypto Users of New iOS Security Vulnerability

In brief:

  • The critical iOS mail vulnerability was identified on the 20th of April.
  • As of now, it is known to have existed since iOS 6.
  • CZ and the team at Binance have alerted the crypto trading community and offered additional advice.

The team at Binance has notified its crypto exchange users of a new vulnerability affecting the mail applications on Apple devices. The security threat was first made public by the ZecOps Research team on the 20th of April. The vulnerability has been found to have existed since iOS 6, which was first released in September 2012. All versions since then, up to and including iOS 13, are affected. The team at ZecOps further explained how it was detected.

Following a routine iOS Digital Forensics and Incident Response (DFIR) investigation, ZecOps found a number of suspicious events affecting the default Mail application on iOS dating as far back as Jan 2018. ZecOps analyzed these events and discovered an exploitable vulnerability affecting Apple’s iPhones and iPads. ZecOps detected multiple triggers in the wild to this vulnerability on enterprise users, VIPs, and MSSPs, over a prolonged period of time.

What the Vulnerability Means for iOS Users

According to ZecOps, the vulnerability allows an attacker to execute code remotely in the context of MobileMail (iOS 12) or maild (iOS 13). Such access would allow the attacker to leak, modify and delete emails. The team further informed iOS users that they are investigating another related vulnerability.

How to Ensure You are SAFU

The team at Binance further provided the following steps to ensure iOS users protect their mobile crypto trading activities from the vulnerability.

  1. Remove the iOS Mail app, then go to Settings > Passwords & Accounts. Users are advised to set Fetch New Data to ‘Manual’ and disable ‘Push’.
  2. Once the iOS Mail application is deactivated, users are advised to use dedicated email clients such as Gmail or Outlook. Additionally, they can use web browsers such as Safari or Chrome to access their mail.
  3. An upgrade to the latest iOS 13.4.5 beta is advised by following the steps here.

(Feature image courtesy of Ilya Pavlov on Unsplash.)