Apple, responding to a recent report on iOS Mail app vulnerabilities, denies that the issues pose an immediate risk to users.
Earlier this week cybersecurity firm ZecOps revealed that it had discovered two zero-day security vulnerabilities that affects Apple’s Mail app for iPhones and iPads.
ZecOps explains the vulnerabilities as follows:
Apple has responded to the report by saying the flaws do not pose an immediate threat to iOS Mail users:
“Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance.”
The vulnerabilities are believed to affect all iOS software versions between iOS 6 and iOS 13.4.1. ZecOps reports that Apple has patched the security holes in the latest beta of iOS 13.4.5, which should be released sometime in the next few weeks. Until the patch is available, ZecOps recommends using a third-party email app like Gmail or Outlook, which do not include the vulnerabilities.