Theme

Welcome · log in · join

Search similar:

Junk folder

Forums → Software and Operating Systems →

Apple → iOS 13 Mail exploit workaround

uniqs
192

« Came back to iPhone • Apple updates Apr 7th 2020 »

haroldo join:2004-01-16 USA 2 edits	haroldo Member 2020-Apr-23 3:37 am iOS 13 Mail exploit workaround Article suggests using Outlook. Would MacOS or iCloud.com for e-mail be considered safe from this exploit? »www.forbes.com/sites/zak ··· nything/
	· actions · 2020-Apr-23 3:37 am ·
gcerullo join:2015-10-31 Toronto, ON	gcerullo Member 2020-Apr-23 9:35 am I would rather cut off my left testicle than use Outlook on iOS. But that's just me! You can you also use the Gmail app or any other alternate mail app for that matter. Or you can wait for Apple to release the next update to iOS since it has the fix in it. Since the exploit has only been use in targeted attacks in the wild you might me better off just waiting for Apple to release the next update to iOS since it has the fix for this exploit Mail on macOS and iCloud.com are not affected by this exploit.
	· actions · 2020-Apr-23 9:35 am ·
HiVolt Premium Member join:2000-12-28 Toronto, ON	HiVolt to haroldo Premium Member 2020-Apr-23 9:36 am to haroldo Or just don't click silly looking emails, I'm sure the fix will be out shortly.
	· actions · 2020-Apr-23 9:36 am ·
GuruGuy Premium Member join:2002-12-16 Atlanta, GA	GuruGuy Premium Member 2020-Apr-23 10:06 am said by HiVolt: Or just don't click silly looking emails, I'm sure the fix will be out shortly. Receiving the email in the background can trigger the attack per the article...not sure if that’s true or not, if so you don’t need to click on anything. Also if you do install another email program you would need to be sure the stock mail account isn’t setup and active for anything to prevent the attack. Since it appears to have been an issue for several years I personally wouldn’t worry about it. Would think we would have it fixed by now if it was a big deal
	· actions · 2020-Apr-23 10:06 am ·
gcerullo join:2015-10-31 Toronto, ON	gcerullo to HiVolt Member 2020-Apr-23 10:16 am to HiVolt said by HiVolt: Or just don't click silly looking emails, I'm sure the fix will be out shortly. From what I understand, in iOS 13 and iPadOS just receiving the email is enough to trigger the expoit. Previous versions of iOS (all the way back to iOS 6) require that you view the message first unless the attacker also controls the email server as well. More info here: »blog.zecops.com/vulnerab ··· he-wild/ All evidence points to this only being used in highly targeted attacks otherwise this would have been discovered by now.
	· actions · 2020-Apr-23 10:16 am ·
HiVolt Premium Member join:2000-12-28 Toronto, ON	HiVolt Premium Member 2020-Apr-23 10:30 am Ah, i didnt know that just receiving it can trigger an attack. well that certainly puts a different twist on it. Apple better fix this ASAP.
	· actions · 2020-Apr-23 10:30 am ·
gcerullo join:2015-10-31 Toronto, ON	gcerullo to haroldo Member 2020-Apr-23 10:32 am to haroldo From the ZepOps Blog: Q: What does the vulnerability allow: A: The vulnerability allows to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13). Successful exploitation of this vulnerability would allow the attacker to leak, modify, and delete emails. Additional kernel vulnerability would provide full device access – we suspect that these attackers had another vulnerability. It is currently under investigation. So, unless the attacker has another exploit they can take advantage of, the only thing they can do with this exploit is, "leak, modify or delete" emails. Anyway, the fix is already in the beta so it should be out soon.
	· actions · 2020-Apr-23 10:32 am ·

Forums → Software and Operating Systems → Apple	« Came back to iPhone • Apple updates Apr 7th 2020 »