NOTICE: If you believe your Apple device has been hacked through the bug identified by ZecOps, contact the Arnold Law Firm at (916) 777-7777 as soon as possible.
On April 22, 2020, mobile security firm ZecOps published a report about a bug in Apple Inc. iPhone iOS email software that makes devices vulnerable to cyberattacks.
Reportedly, the bug has already been used to attack high-profile targets, including individuals from a Fortune 500 company in North America, international technology executives, and a European journalist. ZecOps chief executive Zuk Avraham claims that at least six organizations were targeted by attackers as far back as 2018.
The bug dates back to iOS 6, which was first released in 2012. It allows hackers to send a message that appears to be blank to an iPhone or iPad user email account. When the user opens the suspect email, hidden malware downloads and crashes the app.
The user is forced to reboot their iPhone or iPad, which allows the device memory to be overrun. Hackers can then steal data from and/or take control of the iPhone or iPad.
On the latest version of iOS 13, the bug does not require any user interaction. The malware downloads automatically, even if the user does not open the email.
This type of attack is virtually undetectable and does not require victims to take traceable actions, such as downloading external software or clicking on a link to visit a website with malware. Because they are difficult to find, iPhone vulnerabilities are the most valuable for hackers, selling for up to $1 million on the dark web.
There are currently more than 100 million iPhone users in the United States, accounting for 45 percent of all smartphone users nationwide.
The bug appears to have been fixed in a beta version of Apple's next iOS update. Public versions of iOS have not yet been patched, leaving users vulnerable until the new version is released.
To avoid the bug, iPhone and iPad users should disable the email app or at least turn off automatic email fetching from the mail server on their devices. Limit email access to the cloud and screen carefully for potentially malicious messages.
The Arnold Law Firm is currently investigating this Apple, Inc. security incident. If you believe your Apple device has been hacked through the bug identified by ZecOps, contact us at (916) 777-7777 as soon as possible to assess your situation and possible legal options.