ZecOps cyber-security researchers found a risky bug in the default Mail application in iOS in January 2018. For some years, hackers have been exploiting it against industry users, VIPs, and cyber-security service providers. Apple fixed the problem in the beta of iOS 13.4.5 after being contacted by ZecOps, but the fix is not yet available in the stable build, which means it has yet to roll out to most users.
According to an official blog post, the vulnerability affects iPhones and iPads and allows remote code execution: an attacker can compromise a device by sending emails that consume some amount of memory, using RTF, multi-part, and other methods. In iOS 13, exploitation can happen without a click when the Mail application is opened in the background. To prevent an attack, the researchers advise users not to use Mail until the patch is available.
The vulnerability has been present since iOS 6, which came with the iPhone 5 in 2012. The first attack took place on iOS 11.2.2 in January 2018. All the tested iOS versions, including version 13.4.1, are susceptible to the exploits. ZecOps did not attribute any of the attacks to a specific attacker. However, the researchers say that they saw one hackers-for-hire organization selling exploits using the vulnerability that leverages email addresses as the main identifier.
According to the researchers, the vulnerability affects iPads and iPhones. It has also hit at least six organizations and their staff. The victims are employees of a Fortune 500 company in North America, an executive from a carrier in Japan, a VIP in Germany, victims from cyber-security firms in Saudi Arabia and Israel, and a journalist in Europe. An executive at a Swiss company may also have been targeted.