Friday, May 29, 2020

German Government Urges iOS Users to Patch Critical Mail App Flaws

According to ZecOps, two vulnerabilities that were first triggered in October 2010 still affect all devices running iOS. A series of ongoing remote attacks exploiting these two zero-click vulnerabilities has recently been observed targeting iOS users, affecting iPhone and iPad devices since at least January 2018.

Attacks abused the two bugs and targeted high-profile targets

The two vulnerabilities, a heap-based buffer-overflow issue (CVE-2020-9819) and an out-of-bounds write issue (CVE-2020-9818), could be triggered after the default mail application processes a maliciously crafted mail message.
  • Attacks exploiting these vulnerabilities targeted individuals from a Fortune 500 organization in North America, an executive from a carrier in Japan, a VIP from Germany, MSSPs from Saudi Arabia and Israel, a journalist in Europe, and an executive from a Swiss enterprise.
  • In these remote attacks, an attacker sends a specially crafted malicious email to a victim’s mailbox. Processing that email triggers the vulnerability on iOS and compromises the iPhone or iPad, allowing the attacker to access, leak, modify, and delete emails.
