Critical Security Flaw Found in Apple MobileMail/Maild

PUBLISHED:
23 April 2020

Critical Security Flaw Found in Apple MobileMail/Maild

Security researchers found a critical flaw in the iPhone Email app. It is possible to infect and compromise an iPhone only by sending an email. This exploitation can be carried out even without opening the email sent by the attacker. Exploitations are wild and reported worldwide.

Attackers have used Out of Boundry (OOB) Write and Heap Overflow vulnerabilities in a MIME library MFMutable of email app to carry out the remote code execution exploitation. A kernel bug was possibly used afterward for full control over the targeted device.

Affected Versions

  • All iOS versions from iOS 6 and above including iOS 13.4.1.

Mitigation

  • Disable Apple Email until a patch is available
  • Update to iOS public beta version 13.4.5 or later version

More Infomation

  • You’ve Got (0-click) Mail! Unassisted iOS Attacks via MobileMail/Maild in the Wild – https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/
16 April 2024 [NO.TCSA : 20240416-1-1-P]

Critical Command Injection Vulnerability Found in Palo Alto Networks GlobalProtect

READ MORE READ MORE
9 February 2024 [NO.TCSA : 20240209-1-1-P]

Critical Remote Code Execution Vulnerability Found in FortiOS SSL VPN

READ MORE READ MORE
13 July 2023 [NO.TCSA : 20230713-1-1-P]

Fortinet Patches Critical Remote Code Execution Vulnerability in FortiOS/FortiProxy

READ MORE READ MORE
Read More BACK TO THREAT BULLETIN