Apple has already released the best iPhone of 2020, but now millions of iPhone owners – both old and new – need to be careful because the company has just confirmed a massive iOS security hole which impacts almost every iPhone on the planet.
Following the publication of a devastating report from ZecOps (covered here by Forbes), which claimed that every iPhone running a version of iOS 6 or newer is vulnerable to remote attacks, Apple has now confirmed the problem is real.
So what are we dealing with? What ZecOps discovered is a serious vulnerability in Apple’s iOS Mail app which allows an attacker to remotely infect an iPhone and gain control over their inbox. In addition, not only did ZecOps find that the attacks can happen without an iPhone owner’s knowledge but they have been happening for more than two years, with the first attack subsequently detected back in January 2018.
And there’s a further kicker: ZecOps found that the attacks are easier to perform on iOS 13 than previous generations of iOS. For example, ZecOps explains that with iOS 12, an attacker requires the iPhone user to open a malicious email. But with iOS 13, it can be triggered unassisted simply from the Mail app being opened in the background.
Apple iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iOS security, iOS update, iOS 13,
ZecOps has issued this infographic highlighting[+]
The good news? Apple has confirmed to Vice that it has managed to patch the vulnerability in the latest iOS 13.4.5 beta and it looks like the company will now accelerate its release (with iOS 13.4.1 the previous update, it appears that Apple will now be skipping some digits unless it pushes out a dedicated iOS 13.4.2 release instead).
Until then, ZecOps states that there are two ways to stay safe: disable the Mail app (Apple has a guide here) and use a third-party app instead. Notably, it found both Outlook and Gmail are not vulnerable to the exploit so there’s no need to bury your iPhone in a box and drop it in the sea.
That said, none of this hides the fact that a serious exploit running through eight iOS generations (iOS 6 was released in September 2012) is eye-opening. It also means that almost every iPhone in use today (Apple claims 1.5 billion active devices of which iPhones make up the majority) is impacted. This is because iOS 6 was released for all iPhones other than the original (released 2007) and it’s successor, the iPhone 3G.