An iOS flaw has been discovered that would allow hackers to crash and reset an iPhone or iPad and gain access to some of the stored data.
The vulnerability is in the Mail app and is activated by sending a special email, even a blank one, which causes the device to crash. From there, the hacker could gain access to the device’s emails and even all of its data by using a kernel exploit.
The flaw is zero-click on devices running iOS 13, which means that the user doesn’t need to open the email in order to get hacked – it’s received in the background and starts wreaking havoc.
The flaw was discovered by San Francisco-based private security company ZecOps, during an investigation of a cyber attack against one of its clients. The client in question is a Fortune 500 North American company.
ZecOps has apparently found evidence that the flaw was exploited before, once again targeting high-profile business users, although this hasn’t been verified.
Apple has acknowledged that the flaw exists and that it’s working to fix it. A patch has apparently been included in the iOS 13.4.5 beta, which is yet to be released to all devices.