After a group of experts from a cyber security course revealed a report in April, Apple acknowledged that all iPhone devices released over the past eight years are vulnerable to various remote attacks using the iOS Mail app.
Although the company downplayed this report arguing that no cases of exploitation had been reported in the wild, ZecOps experts, tasked with reporting the flaw, have revealed new details about this inconvenience, reporting cases of active exploitation and stating that the first attempts could have occurred a decade ago, so that every iPhone manufactured from the outset could be exposed.
In this regard, the company ensures that the vulnerability will be corrected with the release of the iOS 13.5 operating system, which will eliminate the security risk for users of iPhone 6S and later computers. According to cyber security course experts, the 6S remains the best-selling model in the company’s history, even last year it could still be purchased by some Apple partners.
ZecOps researchers say that, until updates become available, users of any potentially affected version of iPhone can turn off the iOS Mail app and use one of the alternatives from other companies (such as Outlook or Gmail), as iOS versions of these services are not affected by this vulnerability.
In September, Apple will launch its latest iPhone range, citing experts from the cyber security course. This has made the cybersecurity community wonder: how much progress has the company made and how far can its commitment to protect users from older models go?” In addition, many fear that a similar security flaw could be found on all nearby iPhone models to go on sale.
While Apple’s operating systems are considered more secure than their counterparts from other companies (such as Google’s Android), this is not the first time potential security threats to the company are revealed, so it’s worth finding a way to add additional layers of security to their devices.
For further reports on vulnerabilities, exploits, malware variants and computer security risks you can access the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.