security flaw in Apple mail for iOS (iPhone/iPad)!

Attackers could hijack your apple mail-app on iOS – they then could read/delete/write mails with your account. If you’re not sure if your account is save, please deactivate mailsync on your device. a guide how to do so can be found here and wait for the next iOS-Update.

Security researchers say the iPhone has a severe flaw in the native iOS Mail app that makes it vulnerable to hackers. “The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS 13,” the report reads. ZecOps says the vulnerability, which underlies at least two related iOS zero-day exploits, has existed in the Mail app since at least iOS 6, which was released in 2012. Regardless, what makes this particular exploit so dangerous in theory is that it does not require the victim to download a file or visit a malware-infested website. Instead, all it requires to remotely execute code on a victim’s iOS device is for the Mail app to receive the email and for the victim to open the message. “To mitigate these issues — you can use the latest beta available. If using a beta version is not possible, consider disabling Mail application and use Outlook or Gmail that are not vulnerable,” ZecOps writes.

Apple said that the vulnerabilities, which ZecOps claimed date back as far as iOS 6, do not pose an immediate risk to its users and will be addressed in a forthcoming software update.

Source: https://blog.zecops.com/vulnerabilities/youve-got-0-click-mail/
https://www.theverge.com/2020/4/22/21231454/apple-iphone-zero-day-exploit-security-flaw-mail-app-ios-zec-ops