In brief:
The team at Binance has notified its crypto exchange users of a new vulnerability affecting the mail applications on Apple devices. The security threat was first made public by the ZecOps Research team
on the 20th of April. The vulnerability has been found to have existed since iOS 6 that was first released in September 2012. All versions since then, and up to iOS 13, are affected. The team at ZecOps further explained how it was detected.Following a routine iOS Digital Forensics and Incident Response (DFIR) investigation, ZecOps found a number of suspicious events that affecting the default Mail application on iOS dating as far back as Jan 2018. ZecOps analyzed these events and discovered an exploitable vulnerability affecting Apple’s iPhones and iPads. ZecOps detected multiple triggers in the wild to this vulnerability on enterprise users, VIPs, and MSSPs, over a prolonged period of time.
According to ZecOps, the vulnerability allows a malicious individual to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13). Such access would allow the attacker to leak, modify and delete emails. The team further informed iOS users that they are investigating another related vulnerability.
The team at Binance further provided the following steps to ensure iOS users protect their mobile crypto trading activities from the vulnerability.
(Feature image courtesy of Ilya Pavlov on Unsplash.)