Skip to main content

Israeli Security Firm Discovers iPhone Vulnerability Exposing Millions to Hackers

N

Nyakundi Report

Newsroom 2 min read

This archive report was first published on 22 April 2020.

Published on April 22, 2020, a security firm in Israel, ZecOps, discovered a critical vulnerability in Apple's iPhone and iPad software that may have left over half a billion devices vulnerable to hackers.

The vulnerability, which affects the Mail app on iPhones and iPads, was discovered by Zuk Avraham, the chief executive of ZecOps, while investigating a sophisticated cyberattack against a client in late 2019.

According to Avraham, the vulnerability was exploited in at least six cybersecurity break-ins, and he found evidence that a malicious program was taking advantage of the vulnerability as far back as January 2018.

Avraham explained that the vulnerability allowed hackers to remotely steal data off iPhones even if they were running recent versions of iOS. The hack involved sending an apparently blank email message through the Mail app, which would force a crash and reset, opening the door for hackers to steal other data on the device.

Two independent security researchers who reviewed ZecOps' discovery found the evidence credible, but said they had not yet fully recreated its findings. Patrick Wardle, an Apple security expert and former researcher for the U.S. National Security Agency, confirmed that the discovery 'confirms what has always been somewhat of a rather badly kept secret: that well-resourced adversaries can remotely and silently infect fully patched iOS devices.'

Apple acknowledged the vulnerability and has developed a fix, which will be rolled out in a forthcoming update on millions of devices it has sold globally.

Be the first to react

Support

Support this reporting

M-Pesa support recorded against this story.

Send support →

Stay close

Get the briefing

Major updates by email. No spam.

Get email brief →

Share

Save share card

Download a clean portrait card for sharing.

Save image →