Hackers may be attacking iPhones by sending emails that can infect phones without you even opening the email
The flaw allows attackers to send a message containing malicious software that doesn't need to be clicked on in order to infect a device.
Hackers may have figured out a way to attack iPhones using a malicious message sent through Apple’s email software.
The flaw was discovered by cybersecurity firm ZecOps, and first reported by The Wall Street Journal.
According to ZecOps researchers, the security vulnerability is particularly sophisticated because it doesn’t require users to click on anything in order for their devices to be infected. The attackers send emails that install malicious software once Apple’s email reader begins downloading the message – the user doesn’t even need to open the message at all.
The issue was particularly difficult to detect because the malicious code was contained in the email sent by the attackers, and the emails were either deleted by the user or by the attackers themselves, according to the Journal.
The vulnerability specifically affects those who use Apple’s Mail app. It primarily affects the latest iPhone software, iOS 13, though ZecOps says the vulnerability has existed since at least iOS 6, which was released in 2012.
ZecOps was able to identify multiple targets in the attacks, including employees at a Japanese telecommunications firm, a North American company, and tech companies in Saudi Arabia and Israel, according to the Journal.
A spokesperson for Apple did not immediately respond to Business Insider’s request for comment.
While Apple has historically been the gold-standard in cybersecurity, this security flaw is the latest in a string of Apple security issues that have been discovered in the last year. Last spring, hackers used a vulnerability in the messaging app WhatsApp to install malware on iPhones and other smartphones. And in August, Google researchers discovered that an iPhone hack may have targeted Uighur Muslims in China. In both situations, Apple patched the issues before they were made public.
Apple has experienced other software flaws in recent months. Last July, Apple had to temporarily shut down its Apple Watch Walkie Talkie app after discovering a bug that could allow someone to eavesdrop on someone else via their iPhone. Apple said at the time there was no evidence anyone had exploited the bug.
And when Apple’s latest software, iOS 13, released last September, researchers discovered a bug that would make it possible for someone to access an iPhone’s contact list without needing to unlock the phone, as well as a flaw that allowed third-party keyboards to unapproved access to your device. A subsequent software update has since fixed the flaws.