A security gap in the operating system of Apple’s iPhones and iPads devices, which may have exposed hundreds of millions of users to the risk of hackers brought to light by US cyber-security company ZecOps.
Apple has announced that the relevant “patch” that will fix the problem will be included in the next update of its iOS software. The “backdoor” was found in the “Mail” e-mail application, according to Reuters and the BBC.
ZecOps informed Apple confidentially in March and made the problem public with a delay to give Apple time to proceed with the fix.
To exploit the security gap a malicious hacker could send a seemingly blank email to an iPhone or iPad. When the user opened the message, the application would crash and the user would have to turn it on again, giving the hackers access to their device and the ability to steal data remotely (photos, etc.).
In this case -different from others that were hacked- users did not need to “download” any malicious external software, or visit a website-trap that contained such software (malware).
The researchers, led by Zuk Abraham (a former cyber-security official in Israel’s army), who made the discovery, announced that a hacker could exploit the gap even in the latest versions of the iOS operating system.
In fact, ZecOps claims to have found evidence of attacks on well-known targets, including executives from major companies from North America, Japan, Saudi Arabia, Germany and Israel, as well as a European journalist, without revealing the identities of the “victims”.
Apple declined to comment on the allegations. In 2019, the company announced that about 900 million iPhones were in use worldwide.