It’s official: your iPhone is vulnerable to a security breach. And, you may have already been attacked years ago—you just don’t know it.
Apple recently confirmed a report by cybersecurity automation company ZecOps, featuring a troubling discovery about an iPhone Mail app security that affects millions of Apple users across the globe. In a comprehensive report, ZecOps discovered that hackers can take control of an iPhone user’s inbox remotely by simply sending them an email. The company found these remote assaults can be executed on iPhones using a version of iOS 6 (released in 2007) or newer. Worse, it can all be done without the user’s knowledge.
The company also learned that these attempts at inbox takeovers have been happening for over two years now. The first trigger reportedly occurred in January of 2018.
Another caveat: newer doesn’t necessarily mean better. According to the ZecOps report, iPhones with iOS 13 are more vulnerable to attack than those performing with iOS 12. Unlike those with iOS 13, iPhone iOS 12 users must open the malicious email from the phone’s Mail app to “activate” the hacking. By contrast, iPhone iOS 13 users don’t even need to open the trigger email for their inbox to be taken over. If they simply receive the email, their inbox is automatically vulnerable to takeover—even if they didn’t open it. However, ZecOps notes unassisted attacks on iOS 12 iPhones can still occur if the perpetrator has control over the mail server.
On the bright side, Apple is mobilizing to release iOS 13.4.5 sooner than initially expected. The beta version of the software doesn’t have the same vulnerabilities as its predecessors, so it’s bound to protect iPhone users from remote inbox takeovers from hackers.
Although Apple may appear fast-acting to protect iPhone users now, the company downplayed the ZecOps report upon initial release. At first, the company concluded on Thursday that malicious emails posed no “immediate risk” to users, according to an official statement. Days later, Apple reneged their initial conclusion and confirmed the concerns raised by the ZecOps report.
For now, ZecOps suggests those susceptible to attack disable their Mail app and use a third-party app to access their emails instead. To the relief of many, the company found that the Gmail and Outlook apps were safe to use and immune to remote inbox takeover.