San Francisco-based cybersecurity company ZecOps today announced that it has uncovered two zero-day security vulnerabilities affecting Apple's stock Mail app on iOS devices, as noted by Motherboard and The Wall Street Journal.
ZecOps claims that one of the vulnerabilities enables an attacker to remotely infect an iOS device by sending emails that consume a significant amount of memory, while another could allow remote code execution capabilities. Successful exploitation of the vulnerabilities is said to allow an attacker to leak, modify, and delete a user's emails.
Targets of the vulnerabilities have apparently included corporate executives and government officials rather than average end users.
The vulnerabilities are said to impact all software versions between iOS 6 and iOS 13.4.1. ZecOps said that Apple has patched the vulnerabilities in the latest beta of iOS 13.4.5, which should be publicly released within the coming weeks. In the meantime, ZecOps recommends using a third-party email app like Gmail or Outlook, which are apparently not impacted.
Source: Macrumors