Skip to main content

Apple denies hackers exploited critical iPhone vulnerabilities

(Image credit: Apple)

Apple has denied claims that zero-day vulnerabilities in its Mail application for iOS have been actively used to target iPhone and iPad users.

This followed a report that outlined two critical flaws in the software suite's mail client, which could have allowed hackers to scrape information from the target device.

The report from security firm ZecOps stated, “with high confidence”, that the newly discovered flaws have been widely exploited in the wild. However, while Apple has acknowledged the existence of the bugs, it says it has found “no evidence they were used against customers.”

Apple security flaws

Apple is widely praised for its excellent digital security standards and watertight code, and is understandably eager to preserve its reputation.

The company disputes ZecOps’ assertion that the flaws have been used to attack multiple high-profile targets, including employees of a Fortune 500 company and an executive at a Japanese telecoms firm.

In its written riposte, Apple claims to have conducted a full enquiry, which unearthed no evidence to suggest the vulnerabilities have been exploited in the wild.

“We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users,” said Apple.

“The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.”

ZecOps, meanwhile, is sticking firmly to its resolve. The company says it has access to evidence the bugs were used to assault “a few organizations” and has promised to share intelligence with Apple once a full software update has been made publicly available.

Via Reuters

Joel Khalili

Joel Khalili is a Staff Writer working across both TechRadar Pro and ITProPortal. He's interested in receiving pitches around cybersecurity, data privacy, cloud, storage, internet infrastructure, mobile, 5G and blockchain.