The bug, which was responsible for various cyber-attacks on Apple Inc. or Apple’s products such as iPhones and iPads, was discovered by ZecOps, a San Francisco-based mobile security forensics company. ZecOps discovered the pieces of evidence while it was investigating a sophisticated cyberattack against a high-profile client that took place in late 2019.
The chief executive of ZecOps, Zuk Avraham stated that he found evidence about Apple’s vulnerability and claimed that the tech giant had been exploited in at least six cybersecurity break-ins because of its vulnerable conditions.
Apple’s Vulnerability Allows Hackers to Exploit Users
As per a report published on Wednesday, April 22, 2020, Avraham’s research claimed that hackers took advantage of the flaw existed on Apple’s products and exploited high-profile users by stealing their personal information. Avraham added that the incidents behind the cyber-attacks on Apple’s users could be traced back as early as January 2018.
Without sharing the details of who were the hackers, ZecOps claimed that the vulnerability of Apple allowed hackers to remotely steal data off iPhones even if they were running recent versions of iOS. Perhaps, the hackers, using the flaw, could have given access to whatever the Mail app had access to, including confidential messages.
Avraham explained that hackers would send an apparently blank email message to victims through the Mail app forcing a crash and reset. Using the crash of the operating system, hackers proceeded to steal other data on the device, such as photos and contact details.
An Apple spokesman responded that the company was aware of the vulnerability that existed in Apple’s software for email on iPhones and iPads, known as the Mail app, and claimed that it had developed a fix, which would be soon introduced in a forthcoming update on millions of its devices sold globally.
Credible Evidence of Apple’s Flaws
After reviewing ZecOps’ discovery, two independent security researchers stated that the findings of ZecOps have credible evidence but said they were yet to fully recreate its findings since Avraham used most of his conclusions on data from “crash reports,” which were generated when programs failed in mid-task on a device.
Patrick Wardle, an Apple security expert and former researcher for the US National Security Agency, asserted that the discovery “confirms what has always been somewhat of a rather badly kept secret: that well-resourced adversaries can remotely and silently infect fully patched iOS devices.”
Analysts considered that the cyber-attack incidents on Apple were a dangerous task for the cybersecurity industry since it could affect millions of users because of the high popularity of the company’s devices. It was reported by Apple that there were about 900 million iPhones in active use in 2019.
Bill Marczak, a security researcher with Citizen Lab, a Canada-based academic security research group, called Apple’s vulnerable situation was “scary.” Marczak claimed, “A lot of times, you can take comfort from the fact that hacking is preventable… With this bug, it doesn’t matter if you’ve got a Ph.D. in cybersecurity, this will eat your lunch.”
I’m Roshan, a journalist, blogger and music lover. I like covering global news related to finance, business and technology. Focusing on the collection of true and reliable information, I rely on working by conducting interviews with business leaders and talking to the inside sources of companies.
You can contact me: [email protected]