• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
AskCyber Home » News » data privacy » Hackers Can Remote Control iPhone with email Flaw

Hackers Can Remote Control iPhone with email Flaw

2020-04-23 by Michelle Dvorak

Remote Control IPhone

Security Bug Allows Hackers to Remote Control iPhone or iPad by Sending an Email

The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.

A pair of security bugs exploit Apple’s default email app and can allow a hacker to remote control an iPhone or iPad. The email apps are installed on millions of iPhones and iPads.  Hackers send an email to a target. If that email address is logged in to the vulnerable apps, the hacker can remote control the device. According to a post by cyber security researchers at ZeroCops, the exploits have been used to spy on high-profile iPhone users.

Apple mail is vulnerable to this attack. Microsoft Outlook and Gmail are not impacted by this issue.

A large email is not required to trigger the vulnerabilities to remote control an iPhone or iPad. An email which consumes enough RAM works. In addition, the vulnerabilities can be set off before the email is fully downloaded. The user does not necessarily have to interact with the email to trigger the vulnerability. Making this especially dangerous. Affected devices include every iPhone or iPad made over the last eight years (since September 2012) from iOS 6 (iPhone5) up to and including the current operating system iOS 13.4.1

If affected, iOS users may notice their email app slows down temporarily. With iOS 12, the mail application crashed after successful and unsuccessful attacks. A successful attack is not noticeable with iOS13 other than a temporary slowdown.  According to the ZeroCops report, “In failed attacks, the emails that would be sent by the attacker appear as below in the image below.

Remote Control iPhone Image Credit ZeroCops

According to ZeroCops, the two zero-day flaws have been used to remote control iPhones of high-profile users in various organizations including managed security service providers (MSSP) from Saudi Arabia and Israel, journalists in Europe, Fortune 500 companies in North America, an executive from a carrier in Japan, a German VIP, and possibly an executive from a Swiss enterprise

Phishing emails and other online scams typically required some interaction or response from the target. This is s security bug which can take over a device without interaction from (or the knowledge of) the user.

Can iPhones Get Malware?

Although it is not common for iPhones to get malware, they can. iPhones that have been jailbroken so they can download and use apps outside of the official Apple app store are subject to malware. You may notice abnormal behavior of your iPhone is infected with RAT malware, spyware or other malware. Your phone may be slow.

Filed Under: data privacy

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

FBI Cleans Hafnium Compromised Servers: Saturday Sitrep

Facebook Faces EU Lawsuit Over 2019 Data Leak

COVID Vaccine Cold Chain Targeted By Spear Phishing

Cyber Security Research Engineer Job Posting

Russia Hacks Swedish Sports Confederation

IPVanish

IPVanish VPN

Cyber Security News

Facebook Faces EU Lawsuit Over 2019 Data Leak

… [Read More...] about Facebook Faces EU Lawsuit Over 2019 Data Leak

COVID Vaccine Cold Chain Targeted By Spear Phishing

… [Read More...] about COVID Vaccine Cold Chain Targeted By Spear Phishing

Russia Hacks Swedish Sports Confederation

… [Read More...] about Russia Hacks Swedish Sports Confederation

Some Huawei Android Devices Infected with Malware

… [Read More...] about Some Huawei Android Devices Infected with Malware

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card Cyber Attack DHS Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware Romance Scam Russia smartphone SolarWinds tax scam TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2021 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version