Critical Security Flaw Found in Apple MobileMail/Maild

PUBLISHED:
23 April 2020

Security researchers found a critical flaw in the iPhone Email app. An iPhone can be infected and compromised simply by sending it an email, and exploitation can succeed even if the email sent by the attacker is never opened. Exploitation has been observed in the wild and reported worldwide.

Attackers have used Out-of-Bounds (OOB) Write and Heap Overflow vulnerabilities in MFMutable, a MIME library of the email app, to achieve remote code execution. A kernel bug was possibly used afterward to gain full control over the targeted device.

Affected Versions

  • All iOS versions from iOS 6 onward, including iOS 13.4.1.

Mitigation

  • Disable Apple Email until a patch is available
  • Update to iOS public beta version 13.4.5 or a later version

More Information

  • You’ve Got (0-click) Mail! Unassisted iOS Attacks via MobileMail/Maild in the Wild – https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/