Apple insists big Mail app security flaws have not been exploited

By

Mail app inbox
Nothing to worry about?
Photo: Ste Smith/Cult of Mac

Apple insisted on Friday that there is no evidence to suggest serious security flaws in its Mail app have been exploited.

The company says the issues do not pose an immediate risk to iPhone and iPad users. Its statement seems to dispute earlier claims from security researchers, who published details of at multiple suspected “attacks” on Wednesday.

“We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users,” Apple told Bloomberg.

This comes after cybersecurity firm ZecOps revealed that it had discovered “a number” of vulnerabilities in the Mail app that date back as far as January 28. It warned that the flaws could be exploited without a user’s knowledge.

Apple says users are safe

ZecOps stated, with “high confidence,” that the vulnerabilities had been used “in the wild in targeted attacks.” It listed a number of targets, including individuals from a Fortune 500 company in the U.S., and a journalist in Europe.

Others included a carrier executive in Japan, an executive from a Swiss enterprise, and security providers in Israel and Saudi Arabia.

ZecOps also warned that it was aware of at least one “hackers-for-hire” organization that is selling exploits that might take advantage of the Mail app vulnerabilities. It advised users to update as soon as a fix is available.

Apple has downplayed these findings, and dismisses the claims that iPhone and iPad users have already been exploited. It also insists that its security protections are enough to prevent potential attacks.

No evidence

“The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers,” Apple added.

Apple did not reveal when a fix for the vulnerabilities might be available. The flaws are still present in iOS 13.4, and in the most recent iOS 13.4.1 beta. Those who are concerned can follow our guide on protecting yourself against a potential attack.