Serious security vulnerability in iOS app “Mail”

Threat Alert

Attackers can potentially use it to read, modify and delete emails on Apple’s iPhones and iPads. Whether they can cause further damage is still under investigation.

The email program installed on Apple’s smartphones and tablets contains two serious security vulnerabilities that affect the iOS operating system from version 6 onward. iOS 6 was released back in 2012, and the current version is iOS 13. Apple’s own mail program for computers, which runs on the macOS operating system, is not affected.

The vulnerability allows attackers to compromise the device just by sending an email. They can then read, modify and delete emails on the device. What makes this especially insidious: with older versions of iOS, it is enough to open the email. Clicking on a link or attachment, as in classic phishing emails, is not necessary. It is even worse with the current iOS 13: there, the mail only has to arrive in the inbox. Even if the email remains unopened, hackers can then access the device.

The German Federal Office for Information Security (BSI) considers the vulnerabilities to be very critical. Apple said that the security vulnerabilities “do not pose a direct threat” to users. The problem will soon be fixed with a software update. It is not yet clear when exactly that will be. (The next version of the mobile operating system is currently in beta testing.)

How to protect yourself?

  • Delete the “Mail” app on your iPhone or iPad, or disable its synchronization with your mail service.
  • To continue to access your email, it is best to use the webmail services of your provider or install another email app.
  • Install the iOS update promised by Apple as soon as it is available.

Detailed instructions on how to delete the app or disable synchronization can be found here, among other places.