German Government Urges iOS Users to Patch Critical Mail App Flaws

Attacks abused the two bugs and targeted high-profile targets

• These vulnerabilities targeted individuals from a Fortune 500 organization in North America, an executive from a carrier in Japan, a VIP from Germany, MSSPs from Saudi Arabia and Israel, a Journalist in Europe, and also an executive from a Swiss enterprise.
• These remote attacks can allow an attacker to send a specially crafted malicious email to a victim’s mailbox, enabling it to trigger the vulnerability on iOS to compromise iPhone and iPad devices allowing them to gain access to, leak, modify, and delete emails.

Bugs affect iOS devices

• iPhones and iPad iOS 6 or above were found vulnerable to these bugs. But these vulnerabilities even affected the first iPhone (iPhone 1 / iPhone 2G) and have been impacting iOS 3.1.3 onwards, up to 13.4.1.
• The vulnerabilities affected iPhone 6s, iPad Air 2, iPad mini 4, iPod Touch 7th generation, and corresponding later versions. The vulnerabilities were triggered in the context of some specific apps, namely ‘MobileMail’ application on iOS 12 or the ‘maild’ application on iOS 13.

Warning by the German authorities

• The German Federal Office for Information Security (BSI) had warned the users against the use of the mail application for iOS. BSI had recommended users to uninstall the app or alternatively deactivate the accounts associated with this app until the release of patches.
• On May 27, the BSI urged iOS users to install the respective security updates (that were released by the vendor) on all affected systems immediately.

Stay safe