CYBER NEWS

Two iOS Zero-Day Vulnerabilities Exploited in the Wild for Years

Two remotely exploitable, iOS zero-day vulnerabilities affecting the Mail app on iPhones and iPads were just discovered.

Fortunately, the bugs were patched in iOS 13.4.5 beta which was released last week. Unfortunately, it is highly likely that both bugs were exploited in the wild by an advanced threat actor since 2018, say researchers at ZecOps.

iOS Bugs Widely Exploited in the Wild

How were the attacks carried out? As seen in plenty other malicious scenarios, the attack starts with sending a specially crafted email to a victim’s mailbox. The malicious email triggers the vulnerability in the context of iOS MobileMail application on iOS 12 or mailid on iOS 13.




Based on ZecOps Research and Threat Intelligence, the researchers believe “with high confidence that these vulnerabilities – in particular, the remote heap overflow – are widely exploited in the wild in targeted attacks by an advanced threat operator(s)”.

The researchers also believe that the attacks are connected to “at least one nation-state threat operator or a nation-state that purchased the exploit from a third-party researcher in a Proof of Concept (POC) grade and used ‘as-is’ or with minor modifications”.

At least one hackers-for-hire company is selling exploits using vulnerabilities that take advantage of email addresses as a main identifier.

Related:
Several privilege escalation exploit chains were discovered in iOS devices by Google's Threat Analysis Group (TAG) and Project Zero teams.
Hackers Use iOS Exploit Chains Against iPhone Users

Who has been targeted?

Individuals from a Fortune 500 organization in North America are among the targets as welll as
an executive from a carrier in Japan, the report said. Other targets include a VIP from Germany,
MSSPs from Saudi Arabia and Israel, a journalist in Europe, and possibly an executive from a Swiss company.

What versions of iOS are affected?

All tested iOS versions are vulnerable including iOS 13.4.1,” the report says. Based on the researchers’ data, the vulnerabilities were actively triggered on iOS 11.2.2 and potentially earlier. “Versions prior to iOS 6 might be vulnerable too but we haven’t checked earlier versions. At the time of iOS 6 release, iPhone 5 was in the market,” the researchers concluded.

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...