"iOS Mail App Flaws May Have Left iPhone Users Vulnerable For Years"

Researchers have discovered that Apple's iOS Mail app has two severe security vulnerabilities. The security flaws allow adversaries to remotely compromise a device by sending an email that will consume high amounts of the device's memory. The vulnerabilities can be triggered before the whole email is downloaded, and the trigger varies depending on the iOS version the device is running. Through successful exploitation of these vulnerabilities adversaries, can modify, leak, and delete emails from a user's device. On devices running iOS 13, the vulnerability is triggered by a 'zero-click' attack, which means the Mail app has to be running in the background. On iOS 12, the victim has to click on the email. Devices running iOS 6 and above are all susceptible to this attack. Once the vulnerabilities are exploited on devices running iOS 12 software, the email app will be sluggish and will sometimes crash. On devices running iOS 13, the attack would cause a temporary slowdown of the Mail app. If the attack failed, then the email that was sent by the adversary would show, "This message has no content".

WeLiveSecurity reports: "iOS Mail App Flaws May Have Left iPhone Users Vulnerable For Years"