The maelstrom of internet security risks keeps on brewing, this time involving the Apple's latest iOS update, iOS 7.1.1.
The day after the new system's release, security researcher Andreas Kurtz wrote on his blog about a serious flaw in the system's ability to encrypt email attachments within the MobileMail.app. He wrote to Apple immediately.
Kurtz setup an IMAP email account and sent out some test emails with attachments. He shut the phone down and used "well-known techniques" to recover the attachments "without any encryption/restriction."
Article continues below
"They responded that they were aware of this issue, but did not state any date when a fix is to be expected," Kurtz wrote, speaking about Apple's response.
"Considering the long time iOS 7 is available by now and the sensitivity of email attachments many enterprises share on their devices (fundamentally relying on data protection), I expected a near-term patch. Unfortunately, even today's iOS 7.1.1 did not remedy the issue, leaving users at risk of data theft."
TechRadar received a similar response from Apple about a possible flaw in Data Protection, stating:"We're aware of the issue and are working on a fix which we will deliver in a future software update."
The plot thickens
What's worse is that this isn't just an issue for 7.1.1 users, but for anyone using iOS 7.1 or version 7.0.4 as well. Is Apple saying "too bad, so sad" to its trusting business-class users?
These software updates are generally tens of thousands of lines long and, realistically, come with a few possible exploits.
While Kurtz goes on to suggest concerned users can disable news synchronization, it seems like this is more a concern for government workers and law enforcement agencies and less likely a concern when trying to keep your vacation pics safe.
- Here's everything TechRadar knows about the iPhone 6