Wednesday, December 02, 2020

Uncategorized

Apple says Mail app vulnerabilities don’t post an ‘immediate risk’ to users

app don’t an ‘immediate ’ to

İstanbul, Turkey - December 13, 2013: Close up shot of the applications of iPhone 5 screen. The iPhone 5 is a touchscreen smartphone developed by Apple Inc.


hocus-focus via Getty Images

Apple has downplayed the danger of a Mail bug disclosed recently by a security firm, according to a tweet from analyst Rene Ritchie. According to ZecOps, the app has a zero-day exploit that could let attackers infect your iOS device even if you don’t click on links or take other actions. Furthermore, ZecOps said it had evidence that attackers had attempted to use the for at least two years against six or more potential targets around the world.

However, Apple told Ritchie that the issues discovered by ZecOps are “insufficient [alone] to bypass iPhone and iPad security protections, and we have found evidence they were used against customers.” Apple added that “these issues do not pose an immediate risk to our users…these potential issues will be addressed in a software update soon.”

ZecOps originally said that it found its evidence through digital clues left behind in iOS, adding that it couldn’t obtain proof in the form of messages as they had been deleted from targets’ phones. In a response to Apple’s statement, the company reiterated its stance that it had seen “triggers in-the-wild” for the exploit and that once the update has been pushed to users it will “release more information and POCs (proof of concepts)” to further clarify its original findings.

A security researcher from Jamf told the WSJ that the evidence of attacks was “compelling” but not authoritative. In any even, while Apple is now saying that the vulnerabilities weren’t exploited in the wild, they were clearly still serious enough to warrant a patch.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

Comment



Comments

Share
6
Shares

Share

Tweet

Share


Go to Source

Author: {authorlink}
https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=true Engadget RSS Feed https://www.engadget.com/rss.xml

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics