Earlier this week, cybersecurity company ZecOps reported it had discovered zero-day exploits for iOS and iPadOS, with the vulnerabilities apparently being introduced as far back as iOS 11.2.2. However, Apple has now concluded there’s no immediate risk to users.
As Reuters reports, Apple acknowledged the vulnerability existed on Wednesday and carried out a review. The exploits exist in the Mail app for iOS and, according to ZecOps, allows a specially crafted email to be sent to trigger the vulnerability simply by consuming a lot of RAM. ZecOps believes this security hole has already been used to hack a number of targets, including a journalist, multiple executives, and individuals from a Fortune 500 organization.
Apple disputes the hacking occurred, but ZecOps has promised to share more details on that front as soon as Apple releases the update meant to fix the exploits (expected to be included with iOS 13.4.5). With regards to the threat posed by these vulnerabilities, Apple concludes there is none.
Responding to ZecOps’ reports, Apple said, “We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users … The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.”