Flaw In iPhone, iPads May Have Allowed Hackers To Steal Data For Years From Half A Billion Devices

A flaw in iPhones and iPads may have allowed hackers to steal data for years from half a billion devices, according to a mobile security firm. (Photo: Unsplash)

Hackers have found a major iPhone and iPad flaw that allows them to steal user data — and the flaw has made devices vulnerable since 2018.

Now Apple Inc has announced it will fix the flaw that may have left more than half a billion iPhones vulnerable to hackers.

San Francisco-based mobile security forensics company ZecOps discovered the bug. ZecOps CEO Zuk Avraham said he found evidence that the vulnerability was exploited in at least six cybersecurity break-ins, Reuters reported.

Through a spokesperson, Apple confirmed the flaw, noting that a vulnerability exists in Apple’s software for email on iPhones and iPads, known as the Mail app. Apple has developed a fix that it says will be rolled out sometime in the future.

Avraham told Reuters he found evidence that a malicious program used the flaw in Apple’s iOS mobile operating system as far back as January 2018. However, he could not determine who the hackers were. Reuters said it could not independently verify Avraham’s claim.

“To execute the hack, Avraham said victims would be sent an apparently blank email message through the Mail app forcing a crash and reset. The crash opened the door for hackers to steal other data on the device, such as photos and contact details,” Reuters reported.

The flaw then allowed hackers to remotely steal data off iPhones and iPads, even those running recent versions of iOS. Also, on its own, the flaw would allow access to the Mail app, including confidential messages.

Avraham is a former Israeli Defense Force security researcher.

ZecOps discovered that the Mail app hacking technique had been used in 2019 against an unnamed client, described as a Fortune 500 North American technology company. 

Two independent security researchers reviewed ZecOps’ discovery and found the evidence credible.

Since Apple did not know of the software bug until recently, “it could have been very valuable to governments and contractors offering hacking services. Exploit programs that work without warning against an up-to-date phone can be worth more than $1 million,” Reuters reported.

“Avraham said he was able to recreate the circumstances of the exploit based on information gathered from ‘crash reports,’ the data that’s collected and reported when a device crashes in the midst of an operation,” The Motley Fool reported.