Apple will soon patch a newly discovered vulnerability in the iPhone.
According to security researchers, hackers have already used the vulnerability to steal private information from their victims’ devices.
The news of the vulnerability was dropped by ZecOps. The company’s chief executive, Zuk Avraham said that the firm found the bug last year during a routine investigation. He also said that the attackers targeted at least six organizations in 2018.
The bug has been found in iPhone’s default Mail app. An attacker can overrun the device’s memory by sending a specially crafted email. This allows the attacker to run malicious code remotely and steal data from the victim’s device.
The biggest concern is that the bug does not require any user interaction on iOS 13 (latest version).
The bug dates back to iOS 6 that was released in 2012.
Avraham also confirmed in a tweet that macOS is not vulnerable even though it comes with an in-built Mail app.
Hackers love iPhone vulnerabilities as they are very difficult to find. Some buyers will even buy these much sought-after bugs for as much as $1 million. However, as these bugs are valuable, they are obtained by well-resourced organizations such as governments. These vulnerabilities are often used against their targets such as terrorists or criminals, in major operations. Some governments are also known to target activities, journalists, and certain ethnic groups.
Avraham added in his blog post that the targets included a journalist in Europe and a U.S based Fortune 500 Company. Although he did not mention the name of the hacker, he said that at least one of the hackers was of a nation-state.
When contacted, the spokesperson at Apple did not comment immediately. The first to report the story- Motherboard has revealed that the bug was fixed in a beta version and a fix will be rolled out soon.
For now, high-risk users are recommended to disable their Mail app.