Owners of Apple products take a great deal of pride in the security of their gadgets. After all, iPhone-specific malware and security flaws are rare compared to the kind you’ll find more commonly on Android devices.
But when cyberattacks finally do hit iPhones, the results can be devastating. Tap or click here to see how hackers broke into iPhones for years and installed spy software using malicious websites.
Malware isn’t as common on iPhones as exploits and security flaws. And a major one has been discovered in iOS that hackers have been using for years to spy on people’s emails. Here’s how you can fix the issue.
A fox in the henhouse
An extremely dangerous vulnerability has been discovered in iPhone and iPad operating systems dating as far back as 2012. Thanks to an exploit found in Apple’s default mail app, hackers can send a malicious email that crashes the program and opens a digital backdoor. From here, they can use it to read your mail, steal contacts and access photos.
If you ever received a blank email from an unknown sender that crashed your mail app upon opening it, this is the exact method the exploit uses. And once the email has executed its payload, there’s no telling whether the hackers are snooping on you at any given point. It’s perfectly stealthy and easily overlooked.
The bug was discovered by security researchers from cybersecurity firm ZecOps, who found evidence of a malicious program exploiting the vulnerability as early as January 2018. After digging deeper, researchers saw that the bug was still present in operating systems as old as iOS 6, which was released in 2012.
There isn’t formal evidence that the exploit had been used by attackers that long ago, but the absence of evidence doesn’t mean evidence of absence. It’s still possible that someone could have used the glitch to break into a phone without being detected.
For anyone exchanging sensitive business and financial information by email, this glitch could not be more dangerous. Add in the fact that this hack has been happening for so long, and it’s no wonder so many people have fallen victim to data breaches and account hijackings.
This is bad! How can I protect my phone?
Fortunately, there’s a bit of good news. Apple has formally acknowledged the issue and has already implemented a systemwide fix in the latest version of iOS 13. The catch: It’s not fully available yet — not to everyone, at least.
The new update featuring the fix is already available to members of Apple’s beta test program, which gives users access to early builds of iOS software while they’re still in development. These early builds are often buggier, and Apple uses the beta program to catch glitches in the wild before the official version is delivered to customers.
You can protect yourself by enrolling in this beta program and installing the new iOS update early. But keep in mind: Beta software is buggy, and you’ll need to back up all of your data carefully before continuing. Otherwise, you run the risk of losing everything. Tap or click here to see how you can back up your iPhone
To sign up for the beta, click here to visit Apple’s registration page for the program. Click Sign Up and register with your Apple ID to enroll. Next, you’ll download a custom configuration file to your phone from the website.
Follow Apple’s directions to get it, and make sure you have a power cord handy so you don’t run out of juice while installing. Finally, you’ll download the beta by opening Settings >> General >> Software Update.
Alternatively, if you’d rather not risk running buggy pre-release software, you can always avoid the Apple Mail app until the new update is available. There are plenty of solid alternatives to use, and you may even be better off using the brand-specific apps for your email host, such as the Gmail app. Tap or click to see our favorite alternative email apps.
As for when the new update is expected to come out, there isn’t an official release date set. We’ll be updating this story once more information is available, but we can expect the patch will come sometime soon if a beta version already includes the fix.
Ultimately, bugs like this prove that no device is truly safe from cyberattacks — no matter what kind of fruit is on the back.
To protect ourselves, we need to take matters into our own hands and avoid opening emails or attachments from unknown senders, using secure passwords and keep our most private data away from our devices, if possible.
If we can’t depend on device-makers to save us, we have to save ourselves. If hackers think attacking us is a waste of time, they just might turn their attention elsewhere.
Apple has since responded to the discovery of this serious flaw. In fact, the company says it’s not as serious as you might think and that there’s no evidence the bug has been exploited. Here is the statement Apple released:
“Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users.
‘The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.
‘These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance.”