CSqSecurity Advisory: iOS Zero-Day Vulnerability
THE THREAT TO YOU IF YOU USE APPLE’S MOBILE E-MAIL APPLICATION (Executive Summary):
On April 20th, 2020, ZecOps announced the discovery of two zero-day vulnerabilities affecting iOS devices including iPhone and iPad. Both vulnerabilities have existed since September 2012 and have been exploited in the wild since at least January of 2018. If exploited, the pair of vulnerabilities allow remote threat actors to leak, modify, or delete emails in the Apple Mail App. Apple has released a beta version for iOS that fixes the issues, but this is currently only available for members of the Apple Developer Program.
Until a security update is widely released, we suggest that you disable the use of Apple mail on corporate devices and download an alternative, such as Microsoft Outlook.
- CSqSecurity teams are monitoring the situation for new information and will release an update once there is a patch available.
- Consider disabling the Apple Main application and downloading an alternative mail application.
- If you require Apple Mail and are a member of Apple's Apple Developer Program, after performing a business impact review, update to iOS 13.4.5 beta.
- Apply Apple iOS updates once they become available.
- Contact your IT Support team for assistance