Researchers have discovered vulnerabilities in the Mail app for iPhone and iPad that hackers can use to steal data from the device, including access data for cryptocurrency wallets.
The vulnerabilities, discovered by ZecOps researchers, allow hackers to execute code remotely in Apple's MobileMail and maild processes in iOS 12 and iOS 13. The researchers claim that hackers have already used the vulnerabilities to steal personal data from some iPhone users.
The ZecOps team reported the vulnerabilities last week, clarifying that they were discovered last year. However, researchers have only recently learned that six organizations have been victims of fraud since 2018. ZecOps CEO Zuk Avraham explained how scammers use the iPhone mail app for their own purposes.
First, hackers run remote code in Apple's MobileMail and maild processes in iOS 12 and iOS 13 using a specially crafted email. ZecOps researchers note that the vulnerabilities have existed since at least iOS 6, or the release of the iPhone 5. Therefore, we recommend that all users of these and later devices disable the mail app or download the latest version of iOS.
Once the email reaches the iPhone, an attacker can freely control the device's memory and remotely launch malware that helps steal data from the smartphone without the user noticing. This includes access data for cryptocurrency wallets, which hackers can use to steal crypto assets.
“Based on ZecOps research and threat analysis, we believe with great confidence that these vulnerabilities, in particular remote dynamic memory overflow, are widely used by hackers for attacks,” the company said in a blog post.
Avraham also noted that the attackers' primary targets were not ordinary American citizens. The fraudsters' first attack was aimed at an employee of a well-known American company on the Fortune 500 list and at a European journalist, whose name the researchers did not disclose. Security experts have not yet been able to identify the attackers.
Hackers are keeping up with the times – cybersecurity researchers periodically detect vulnerabilities used by fraudsters to steal personal data of smartphone users and access cryptocurrency wallets. In December, Promon researchers discovered a vulnerability that allows hackers to access personal data on any Android phone.