Apple has found ‘no evidence in report by cyber security company ZecOps that discovered two vulnerabilities in Apple iOS mail which they believed are widely exploited in the wild to target iPhone and iPad users.
The security researchers at San Francisco-based ZecOps discovered the bugs in the default iOS and iPadOS Mail app. The bugs allow to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13). Successful exploitation of this vulnerability would allow the attacker to leak, modify, and delete emails.
Also Read:2 Apple Mail bugs being used to target iPhone, iPad users
- "Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher's report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users," the tech giant said in a statement.
- The company added that the researcher identified three issues in Mail, "but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers".
- ZecOps had said that "additional kernel vulnerability would provide full device access -- we suspect that these attackers had another vulnerability. It is currently under investigation".