A security firm has reportedly found a flaw in over half a billion iPhones and iPads which left the devices vulnerable to hackers.
Reuters reports an iPad and iPhone security bug was discovered by mobile security forensics company ZecOps during its investigation into an attack in 2019.
ZecOps CEO Zuk Avraham says his evidence points to the flaw being exploited in at least six attacks.
According to Reuters:
An Apple spokesman acknowledged that a vulnerability exists in Apple’s software for email on iPhones and iPads, known as the Mail app, and that the company had developed a fix, which will be rolled out in a forthcoming update on millions of devices it has sold globally.
Apple declined to comment on Avraham’s research, which was published on Wednesday, that suggests the flaw could be triggered from afar and that it had already been exploited by hackers against high-profile users.
Avraham said he found evidence that a malicious program was taking advantage of the vulnerability in Apple’s iOS mobile operating system as far back as January 2018. He could not determine who the hackers were and Reuters was unable to independently verify his claim.
How the iPhone security bug works
Avraham says victims are sent what appears to be a blank email message through the Mail app, forcing a crash/reset. This allows hackers to steal other device data.
ZecOps says the vulnerability allowed attackers access to data even if the devices were running recent iOS iterations.
The Reuters report says Apple is working to address the issue.