Security Bug Allows Hackers to Remote Control iPhone or iPad by Sending an Email
The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.
A pair of security bugs exploit Apple’s default email app and can allow a hacker to remote control an iPhone or iPad. The email apps are installed on millions of iPhones and iPads. Hackers send an email to a target. If that email address is logged in to the vulnerable apps, the hacker can remote control the device. According to a post by cyber security researchers at ZeroCops, the exploits have been used to spy on high-profile iPhone users.
Apple mail is vulnerable to this attack. Microsoft Outlook and Gmail are not impacted by this issue.
A large email is not required to trigger the vulnerabilities to remote control an iPhone or iPad. An email which consumes enough RAM works. In addition, the vulnerabilities can be set off before the email is fully downloaded. The user does not necessarily have to interact with the email to trigger the vulnerability. Making this especially dangerous. Affected devices include every iPhone or iPad made over the last eight years (since September 2012) from iOS 6 (iPhone5) up to and including the current operating system iOS 13.4.1
If affected, iOS users may notice their email app slows down temporarily. With iOS 12, the mail application crashed after successful and unsuccessful attacks. A successful attack is not noticeable with iOS13 other than a temporary slowdown. According to the ZeroCops report, “In failed attacks, the emails that would be sent by the attacker appear as below in the image below.
According to ZeroCops, the two zero-day flaws have been used to remote control iPhones of high-profile users in various organizations including managed security service providers (MSSP) from Saudi Arabia and Israel, journalists in Europe, Fortune 500 companies in North America, an executive from a carrier in Japan, a German VIP, and possibly an executive from a Swiss enterprise
Phishing emails and other online scams typically required some interaction or response from the target. This is s security bug which can take over a device without interaction from (or the knowledge of) the user.
Can iPhones Get Malware?
Although it is not common for iPhones to get malware, they can. iPhones that have been jailbroken so they can download and use apps outside of the official Apple app store are subject to malware. You may notice abnormal behavior of your iPhone is infected with RAT malware, spyware or other malware. Your phone may be slow.