Warning: Hidden iPhone bug allows hackers to read your emails and steal data – how to fix it?
Updated: May 10
DigitalBank Vault® provides sophisticated Digital Anti Surveillance technologies: military-grade encryption devices for ultra-secure anonymous communication (voice calls & text messaging) with untraceable file transfers & storage solutions
Privacy is Priceless
Owners of Apple products take a great deal of pride in the security of their gadgets. After all, iPhone-specific malware and security flaws are rare compared to the kind you’ll find more commonly on Android devices. But when cyberattacks finally do hit iPhones, the results can be devastating.
Malware isn’t as common on iPhones as exploits and security flaws. And a major one has been discovered in iOS that hackers have been using for years to spy on people’s emails. Here’s how you can fix the issue.
An extremely dangerous vulnerability has been discovered in iPhone and iPad operating systems dating as far back as 2012. Thanks to an exploit found in Apple’s default mail app, hackers can send a malicious email that crashes the program and opens a digital backdoor. From here, they can use it to read your mail, steal contacts, and access photos. If you ever received a blank email from an unknown sender that crashed your mail app upon opening it, this is the exact method the exploit uses. And once the email has executed its payload, there’s no telling whether the hackers are snooping on you at any given point. It’s perfectly stealthy and easily overlooked. The bug was discovered by security researchers from cybersecurity firm ZecOps, who found evidence of a malicious program exploiting the vulnerability as early as January 2018. After digging deeper, researchers saw that the bug was still present in operating systems as old as iOS 6, which was released in 2012. There isn’t formal evidence that the exploit had been used by attackers that long ago, but the absence of evidence doesn’t mean evidence of absence. It’s still possible that someone could have used the glitch to break into a phone without being detected. For anyone exchanging sensitive business and financial information by email, this glitch could not be more dangerous. Add in the fact that this hack has been happening for so long, and it’s no wonder so many people have fallen victim to data breaches and account hijackings.
How can I protect my phone?
Fortunately, there’s a bit of good news. Apple has formally acknowledged the issue and has already implemented a systemwide fix in the latest version of iOS 13. The catch: It’s not fully available yet — not to everyone, at least. The new update featuring the fix is already available to members of Apple’s beta test program, which gives users access to early builds of iOS software while they’re still in development. These early builds are often buggier, and Apple uses the beta program to catch glitches in the wild before the official version is delivered to customers.
You can protect yourself by enrolling in this beta program and installing the new iOS update early. But keep in mind: Beta software is buggy, and you’ll need to back up all of your data carefully before continuing. Otherwise, you run the risk of losing everything.
To sign up for the beta, click here to visit Apple’s registration page for the program. Click Sign Up and register with your Apple ID to enroll. Next, you’ll download a custom configuration file to your phone from the website.
Follow Apple’s directions to get it, and make sure you have a power cord handy so you don’t run out of juice while installing.
Finally, you’ll download the beta by opening Settings >> General >> Software Update.
Alternatively, if you’d rather not risk running buggy pre-release software, you can always avoid the Apple Mail app until the new update is available. There are plenty of solid alternatives to use, and you may even be better off using the brand-specific apps for your email host, such as the Gmail app.
As for when the new update is expected to come out, there isn’t an official release date set. We’ll be updating this story once more information is available, but we can expect the patch will come sometime soon if a beta version already includes the fix. Ultimately, bugs like this prove that no device is truly safe from cyberattacks — no matter what kind of fruit is on the back.
To protect ourselves, we need to take matters into our own hands and avoid opening emails or attachments from unknown senders, using secure passwords and keep our most private data away from our devices, if possible. If we can’t depend on device-makers to save us, we have to save ourselves. If hackers think attacking us is a waste of time, they just might turn their attention elsewhere. Apple responds Apple has since responded to the discovery of this serious flaw. In fact, the company says it’s not as serious as you might think and that there’s no evidence the bug has been exploited. Here is the statement Apple released: “Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users.
‘The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. ‘These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance.”
Google’s Project Zero identifies malicious websites that targeted iOS for years According to a new blog post from Google’s Project Zero security research team, a stunning amount of malicious websites have been festering on the web and secretly hacking iPhones for years. These malicious sites contained code that exploited security vulnerabilities in earlier versions of iOS, with many relying on a series of exploits found in the Safari web browser. If malware was successfully implanted in the victim’s iPhone, it would proceed to install monitoring software that was capable of snapping up private photos, text messages and GPS locations in real-time. Project Zero estimates that thousands of iPhone users were tricked into visiting these malicious websites through various means like emails and spam, with the targeted operating systems spanning from iOS 10 to earlier versions of iOS 12. This proves the endeavor was a sustained, multi-year effort to hack as many iPhones as possible.
For the safety of readers and the morbidly curious, Project Zero did not list or name the malicious websites involved in the hacking effort. What they did reveal, however, was that they identified the threat to Apple back in February of this year and that Apple subsequently patched the security flaws in several iOS software updates. Project Zero also stated that the affected population was limited in scope, with several individuals being “VIPs” potentially of interest to nation-state actors, which points a finger at the likely culprits.