A major security flaw was recently discovered in the operating system running on hundreds of millions of Apple devices. If you’ve received a blank email from someone over the last few years, this might have been a hacker’s attempt to get unauthorized access to content stored on your Apple devices.
According to Reuters, Apple is planning to fix the bug with the next planned iOS update, which means that Apple devices are currently out in the open for hackers to attack. The flaw was discovered by a US-based cybersecurity firm currently investigating a cyberattack on a high-profile customer. It has been confirmed that the exploit has been used on at least six occasions against other blue-chip Apple users. According to Reuters, Apple spokesperson acknowledged the security flaw and highlighted their intentions to get it resolved soon.
The flaw is in Apple’s Mail app and grants unauthorized access to the user’s content stored on the device. Cybersecurity researchers have confirmed the same flaw has been exploited on Apple devices as far as early 2018. The vulnerability gives the green light to criminals to access the device’s photos, contact lists, and confidential messages. A receipt of a malicious ‘blank email’ would force the user to restart the Apple device, opening a backdoor for hackers to sneak in the users’ private space.
It is currently unknown who are the hackers who might have used the vulnerability, nor the names of the victims. Also, there is no information showing as to whether the security flaw has been largely exploited, or it has only been used against high-profile individuals. There is no evidence as to whether the vulnerability has been used by government agencies such as the NSA. However, knowing that there are hundreds of millions of active Apple devices all around the globe, it certainly is not comforting to know that skillful hackers have backdoors to exploit.
What makes the bug different than the other “regular” malicious attacks?
Generally, hackers would trick potential victims into somehow installing malicious software onto an individual device and then use it to gain access and control it. The hackers would either send a malicious email and encourage you to start a file that may give them backdoor access, or they would try to infect your device using an infected website. With this security flaw, users did not have to do anything. Targets simply received an email that would make the phone susceptible to attacks and would allow hackers to gain access to confidential information while the device is being restarted. Even careful users who practice good digital hygiene would fall victim to this particular security flaw.
Even Jeff Bezos got hacked a couple of years ago. Apple devices come with relatively high-security standards, but backdoors sometimes go unnoticed, and it takes years for such to be discovered and addressed. So even if you have the latest devices running the newest software, practicing good digital hygiene and having trustworthy antivirus software installed on your smart devices, is always better than just staying out in the open.