How to Protect Yourself From IOS Zero-Day Email Attacks
Security researchers recently discovered two zero-day vulnerabilities that have been present in the standard Mail app for iPhone and iPad for years. Both vulnerabilities allow hackers to carry out remote attacks using emails containing malicious code, and you may not even have to do anything to get hurt.
The severity of these errors depends on the version of iOS installed on your device. IOS 12 users can only be attacked if they open an infected email in the Mail app, while iOS 13 is vulnerable to “unaided attacks” that run without the user’s need to interact with the email or its contents. …
Fortunately, despite how intimidating these bugs can sound, Apple has a fix. In the meantime, most users find it pretty easy to secure themselves.
Apple’s new iOS 13.4.5 fixes both bugs. It’s available in beta right now if you feel like you want to use a potentially more buggy version of iOS, but the update could be rolled out to everyone within a few more days. If you want to block any possibility of getting hit by this attack, you can also disconnect your email accounts from the Apple Mail app and switch to a third-party email app in the meantime. (Chances are you’ll be fine just waiting for the patch.)
While both iOS email bugs have been successfully exploited by hackers, the confirmed attacks have been limited to Fortune 500 organizations in the US, large business targets in Japan and Europe, and at least one European journalist. So, unless you are a business executive or a public rep, you probably won’t receive malicious emails. Either way, iOS 13.4.5 should be in the public domain and coming to your iPhone soon.
[ Threatpost ]