Date: 2020-04-23

Cybersecurity company ZecOps said today that it has discovered what appear to be attempts to exploit a new iOS vulnerability.

Apple is currently investigating the matter and the company is preparing a security update to be available soon.

A new email-based exploit has been discovered in iOS

In a report released today, ZecOps said it found evidence that hackers have been using an iOS bug since at least January 2018. Researchers say the new iOS exploit appears to have been used in emails sent to high-profile iOS users.

ZecOps researchers claim that the attack is a zero-click exploit that does not require users to interact with the email: the exploit is triggered once the user receives the email or opens the Apple Mail application. According to the researchers, the exploit is not triggered in Gmail or other email clients.

“The vulnerability allows you to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13),” the ZecOps team said. “Successful exploitation of this vulnerability would allow the attacker to filter, modify and delete emails.”

The security firm said the exploit does not grant control over the entire device and that an attacker would also need an additional iOS kernel vulnerability.

“We suspect these attackers had another vulnerability. It is currently under investigation,” ZecOps said.

The company said it has so far detected attempts to exploit targets such as:

Individuals from a Fortune 500 organization in North America

An executive of a company in Japan

A VIP from Germany

MSSPs of Saudi Arabia and Israel

Journalist in Europe

Suspected: an executive of a Swiss company

“We believe these attacks are correlated with at least one nation-state threat operator or a nation-state that acquired the exploit from a third-party researcher in Proof of Concept (POC) grade and used it ‘as is’ or with minor modifications,” ZecOps said.

ZecOps did not want to name the “nation-state” group that it believes exploited this bug.

Apple is investigating the report. A patch is also on the way.

ZecOps said it notified Apple on Feb. 19. Initially, ZecOps reported what appeared to be a regular security flaw and worked with Apple to fix the issue.

Apple released a patch for this bug on April 15, with the release of iOS 13.4.5 beta.

Things changed, however, on Monday, when ZecOps said it discovered evidence in customer records of attempts to exploit the problem. The company released its report today with the aim of notifying iOS users of the attacks and the need to install iOS version 13.4.5 once it is generally available.

ZecOps said that while possible exploitation of the bug was detected as far back as January 2018, the bug could have been exploited even earlier. The company said it reproduced the issue as far back as iOS 6, released in 2012.

Additional technical details about the vulnerability and its inner workings are available for Apple users and security experts in ZecOps' technical write-up.

Until a patch is available, ZecOps recommends that users disable the Apple Mail client and use Gmail, Outlook, or another email application.