Date: 2020-04-22

ZecOps has just announced that it has discovered two previously unknown security flaws that affect the Mail app on iOS and iPadOS. By exploiting the two flaws, it is possible to remotely access the messages stored in the app.

One more reminder of the importance of updates

According to this San Francisco-based company, one of the two vulnerabilities allows an attacker to compromise the security of the device by sending an email that consumes a significant amount of memory. The second vulnerability, on the other hand, allows code to be run remotely on the device. Combined, as ZecOps explains, the two vulnerabilities would allow an attacker to access, modify or delete emails within the Mail app.

It appears that this vulnerability affects devices running iOS 6 through iOS / iPadOS 13.4.1, the current version. Apple has fixed the bug in the latest beta of iOS 13.4.5, which will reach the general public in the coming weeks. Given the situation, it is possible that Apple will release a minor update, for example 13.4.2, with the necessary fixes.

According to ZecOps, these security flaws have been in use since January 2018, with version 11.2.2 of iOS. The targets of an attack could be individuals, governments, or executives of major corporations and companies. For now, the only option, aside from waiting for a prompt response from Apple, seems to be deactivating Mail on the device (Settings > [your name] > iCloud > Mail) and accessing email through icloud.com.

It should be noted that, according to good industry practice, ZecOps should have given Apple 90 days to fix the situation after reporting it. Apparently the company has decided to skip that period in order to make its findings known to the community as soon as possible. This decision, it should be mentioned, may have a negative impact on the security of users, as an update is not yet available. Still, it is important to remember that this is an attack that must be explicitly directed at a specific target, so although the risk is there, it is lower than it may appear.

As we have explained on many occasions, operating system updates go far beyond new features: they ensure the security and privacy of our data. If we value this security, the recommendation is to always keep our devices updated.

