Cyber-security firm ZecOps has discovered vulnerabilities in the email application for iPhone and iPad which allows attackers to steal data from the device, including sensitive data for crypto wallets access.
Researchers say the new iOS exploit appears to have been leveraged as part of malformed emails sent to high-profile iOS users. ZecOps said it found evidence that hackers have been using an iOS bug since at least January 2018.
“The vulnerability allows to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13),” the ZecOps team said. “Successful exploitation of this vulnerability would allow the attacker to leak, modify, and delete emails.”
The security firm said the exploit doesn’t grant control over the full device, and that an attacker would also need an additional iOS kernel vulnerability.
Apple is currently investigating the matter, and the company is preparing a security update to be made available soon.