24.04.2020 IMPORTANT: New iOS Mail app attack could compromise your iOS device without action from you

by Andrew Milne

Here’s how to protect your iOS devices today

If you depend on your iPhone or iPad Mail app for receiving and sending email, beware. A new iOS Mail attack, made public yesterday, requires your prompt attention: your iOS device could be compromised.

Here’s what we know:

  • The iOS Mail attack only impacts the iOS Mail application, not its desktop counterpart.
  • According to security researchers, it affects iOS versions as early as iOS 6 and has been observed in use against iOS 12 and 13 — this means even recent versions are at risk.
  • This attack includes two different vulnerabilities, and plays out differently depending on which version of iOS you are running.
  • The bottom line remains the same: an attacker can send you a specially-crafted email and compromise your device — often without you opening the email.
  • In one successful attack, the attacker was able to leak the victim’s email, and to delete and even modify messages.
  • At this point, the pattern of known victims suggests this attack has been used by an advanced threat actor, perhaps state-sponsored. However, others may soon follow their lead and begin exploiting the same vulnerabilities more broadly.

How can you protect your iOS devices today?

It’s important to understand and manage the risks associated with an attack like this.

First, Apple has issued a beta patch which addresses the issue. However, not all users will have access to the patch or be able to take advantage of it. You can check if you have access in your Software Updates. If you have access to the patch, download it today.

Next, hopefully Apple will release a full patch for all iPhone and iPad users soon. In the meantime, our team at Field Effect recommends avoiding the use of the Mail application on your iOS devices. To ensure you remain secure, use an alternative email client, your web browser, or rely on your desktop app for email. You should also disable your Mail app entirely until Apple releases its full patch.

And finally, know your network and your threats. Protecting your corporate and personal email is important and requires more than just phishing awareness training and cloud monitoring. Understanding what devices are in your environment, and their potential vulnerabilities, is critical to managing your threat surface. Our Covalence threat detection and monitoring platform helps you see the devices and activity across your network, providing understandable and actionable alerts when vulnerabilities are present.

As always, please check in with our team for questions or support at hello@fieldeffect.com. You can read more about this exploit here.

Please stay safe and secure.

 
