A newly revealed vulnerability of the iPhone gives hackers another reason to love email.

According to San Francisco-based security firm ZecOps, bad actors have found a way to attack iOS devices through their default email app. And here’s the real kick in the gutters: In some cases, you don’t have to trick the email open. Damage is only done through your phone by downloading malicious email in the background.

ZecOps published details of the vulnerability on Monday, saying it saw the attack “widely exploited in the wild.” In other words, ZecOps says this is not just some theoretical bug. Instead, people actually used it in targeted attacks. The vulnerability affects, to some degree, every version of Apple’s operating system from iOS 6 and up.

“The vulnerability enables remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume significant amounts of memory,” ZecOps explains. “The vulnerability can be triggered before the whole email is downloaded, so the email content should not remain on the device.”

Phones running iOS 13 are particularly vulnerable, as they report that there is no need to open an email for doing so. If you’re running iOS 12, you’re even better – you’ll need to click the email first, but your phone is still in danger if you do.

We reached out to Apple to confirm the ZecOps report and to determine when, when, it plans to issue a patch. Apple has confirmed that a weakness in Mail has been patched into the iOS 13.4.5 beta, which is out now, and will be included in an upcoming software update.

This, it is reported, is what looks like a failed attack on an iPhone.

Currently, assuming you are not running a beta version of iOS, ZecOps says there is no way to prevent this attack other than disabling the default iOS mail app.

So, should you worry about it? Well, that depends. Do you have any important information that a country-state might want a piece of? If so, then you can.

The victims of this attack, ZecOps claims, include “individuals from a Fortune 500 organization in North America,” “an executive from a carrier in Japan,” “a VIP from Germany, “” [managed security service providers] from Saudi Arabia and Israel, “and” a European journalist. “

In other words, your average Joe doesn’t have to be stressed about this much.

However, it is worth noting that no operating system is completely hack-proof. And yes, Apple does too. Oh yes, and it also serves as a weird reminder that you should always make sure your phone is running the latest version of iOS – whether you are an average Joe or not.

