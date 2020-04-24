The ZecOps company announced a couple of days ago that it had discovered two previously unknown security flaws that affect the Mail app for iOS. By exploiting these flaws, according to its discoverers, it is possible to remotely access the file system of an iPhone or iPad. Now Apple has answered and clarified doubts about the situation.

A major but insufficient failure to compromise devices

The history of this vulnerability dates back to February 19, when ZecOps reported abnormal behavior of the Mail app and, later, on March 31, the company informed Apple of a second vulnerability. On April 20, ZecOps communicated to Apple that they had discovered some evidence that this vulnerability was being used. Now Apple has publicly responded clarifying the situation.

Apple takes all reports of security threats very seriously. We have thoroughly investigated the investigator’s report and, based on the information provided, we have concluded that these errors do not pose an immediate risk to our users. The researcher identified three problems in Mail, but by themselves they are Not enough to bypass iPhone security protections and the iPad, and we have found no evidence that they have been used against customers. These potential issues will be addressed in a software update that will be released soon. We value our collaboration with security researchers to help keep our users safe and we will reward the researcher for their help.

In other circumstances, Apple’s actions in the event of an occasional security breach have been extremely fastSo the fact that we can now wait for an upcoming update reinforces Apple’s message: It is a security flaw, but insufficient to compromise device security.

Even with everything, and as we always remember, the updates, both this next one and all the others, contain bug fixes. Too many times during my training I hear phrases like “I don’t install Catalina yet because she is very unstable”, okay, it depends on what we understand as unstable, but one thing is clear: system security is being compromised.

For now we can only wait for the future update. If we want to go a step further we can disable Mail (Settings> Our name> iCloud> Mail) on the device and access emails through icloud.com, a measure that, if we listen to Apple, is unnecessary.

