+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Hackers may be attacking iPhones by sending emails that can infect phones without you even opening the email

Apr 22, 2020, 21:20 IST
Business Insider
Apple's iPhone 11 Pro.Jason Lee/Reuters
  • Hackers may have discovered a way to infiltrate iPhones using Apple's email software, according to cybersecurity firm ZecOps.
  • The flaw allows attackers to send a message containing malicious software that doesn't need to be clicked on in order to infect a device, the researchers found.
  • The vulnerability specifically affects those who use Apple's Mail app.
  • This flaw is the latest in a string of Apple security issues that have been discovered in the last year. A spokesperson for Apple did not immediately respond to Business Insider's request for comment.
  • Visit Business Insider's homepage for more stories.
Advertisement

Hackers may have figured out a way to attack iPhones using a malicious message sent through Apple's email software.

The flaw was discovered by cybersecurity firm ZecOps, and first reported by The Wall Street Journal.

According to ZecOps researchers, the security vulnerability is particularly sophisticated because it doesn't require users to click on anything in order for their devices to be infected. The attackers send emails that install malicious software once Apple's email reader begins downloading the message — the user doesn't even need to open the message at all.

The issue was particularly difficult to detect because the malicious code was contained in the email sent by the attackers, and the emails were either deleted by the user or by the attackers themselves, according to the Journal.

The vulnerability specifically affects those who use Apple's Mail app. It primarily affects the latest iPhone software, iOS 13, though ZecOps says the vulnerability has existed since at least iOS 6, which was released in 2012.

Advertisement

ZecOps was able to identify multiple targets in the attacks, including employees at a Japanese telecommunications firm, a North American company, and tech companies in Saudi Arabia and Israel, according to the Journal.

A spokesperson for Apple did not immediately respond to Business Insider's request for comment.

While Apple has historically been the gold-standard in cybersecurity, this security flaw is the latest in a string of Apple security issues that have been discovered in the last year. Last spring, hackers used a vulnerability in the messaging app WhatsApp to install malware on iPhones and other smartphones. And in August, Google researchers discovered that an iPhone hack may have targeted Uighur Muslims in China. In both situations, Apple patched the issues before they were made public.

Apple has experienced other software flaws in recent months. Last July, Apple had to temporarily shut down its Apple Watch Walkie Talkie app after discovering a bug that could allow someone to eavesdrop on someone else via their iPhone. Apple said at the time there was no evidence anyone had exploited the bug.

And when Apple's latest software, iOS 13, released last September, researchers discovered a bug that would make it possible for someone to access an iPhone's contact list without needing to unlock the phone, as well as a flaw that allowed third-party keyboards to unapproved access to your device. A subsequent software update has since fixed the flaws.

Advertisement
Read the original article on Business Insider
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article