Two zero-day vulnerabilities discovered by a San Francisco-based cybersecurity company were disclosed today.
The portal Motherboard and the Wall Street Journal report that the cyber security company ZecOps claims to have discovered two zero-day security holes in iOS. Attackers can remotely infect devices via Apple's Mail app and thus cause considerable damage. To do this, emails must be sent to the victim, which use up a considerable amount of memory. The second exploit enables the execution of malicious code - also remotely. If the vulnerabilities are successfully exploited, attackers can access the victims' emails, modify them or even delete them.
Security vulnerabilities present since iOS 6
According to ZecOps, the victims include executives from various companies as well as politicians and other government officials. The interesting thing is that the vulnerabilities are not new. That is, they have been present in all software versions since iOS 6 up to and including iOS 13.4.1. available. But iOS 13.4.5 is supposed to be the end of it. ZecOps reports that both exploits have been removed in the current iOS 13.4.5 beta. It is not known when the final version will be released. It can be assumed that Apple iOS 13.4.5 will be available to all users in the next few weeks. In the meantime, ZecOps recommends using third-party applications for emails. These are apparently not affected by the two security vulnerabilities. (Photo by can peshkov / Bigstockphoto)
