Apple says there is no evidence that cyber attackers can exploit the new vulnerabilities in the Mail app for iPhone and iPad for hacking. The Mail app, which discovered the vulnerability, may have more than 1 billion users worldwide.
Apple is countering claims by cybersecurity firm ZecOps that Apple's software flaw opens up the possibility of hackers sneaking into iPhones and other iOS devices, and that the vulnerability has been around for a year.
Apple launched an investigation and said in a statement that the Mail issue itself wasn't enough for cyber attackers to bypass Apple's built-in security mechanisms. Meanwhile, Apple added that it will release a patch soon.
Apple said it has thoroughly investigated the researchers' report and concluded, based on the information provided, that these issues do not pose an immediate risk to our users.
Apple says researchers found three problems in Mail, but those vulnerabilities alone aren't enough for hackers to bypass the security protections of iPhones and iPads, and no evidence has been found that they can be used to attack the privacy of Apple users.
San Francisco-based ZecOps responded to Apple's denial on Friday, reiterating that the vulnerabilities it found were indeed exploited by "some organizations".
In a statement, ZecOps thanked Apple for the new patch and said it would "update more information" after its release.
Last Wednesday, ZecOps released its report on the vulnerability. The report says cyber attackers can exploit these vulnerabilities when an iPhone or iPad opens a specially designed email on the Mail app.
In its report, ZecOps stated that the vulnerability had been used by "an advanced threat carrier" to carry out the attack, which it said included "individuals from North American Fortune 500 companies", "executives from a Japanese airline" and "a journalist from Europe".
According to ZecOps, cyber attackers may have been exploiting these vulnerabilities since January 2018, and ZecOps predicts that they will be publicly disclosed when Apple releases a beta update, and cyber attackers "will likely use this time to attack as many devices as possible before the patch is released".
