sad - many such cases
Apple iPhone mail app vulnerable to hacking, new research says - The Washington Post
You’ve Got (0-click) Mail! - ZecOps Blog
Apple iPhone mail app vulnerable to hacking, new research says - The Washington Post
Hackers gained access to iPhones through a sophisticated security flaw in Apple’s built-in email app that Apple hasn’t yet fixed, according to research by a cybersecurity firm.
ZecOps began conducting research after finding suspicious lines of code on iPhones belonging to a client. Customers of ZecOps, a two-year-old firm with offices in San Francisco, instruct their employees to connect their iPhones to a computer or kiosk that uploads data logs to a central server, where they are analyzed for suspicious activity.
Zuk Avraham, the chief executive and co-founder of ZecOps, said the code stood out because it wasn’t found on many other iPhones. Avraham and others at the company investigated it for months, eventually discovering that it was connected to a previously unknown flaw in Apple’s email app. It alerted Apple, which is in the process of fixing the flaw, he said.
...
Like the attack suspected on Bezos’s phone, the hack that ZecOps says it discovered is referred to as a “zero click” attack. While less sophisticated attacks require the victim to click on a link, usually in a phishing email or text message, a zero click exploit requires no participation on the part of the victim. In this case, the perpetrators can send an email to the victim containing the malicious code. That code can then set off a chain reaction, called an “exploit chain,” that knocks down the phone’s defenses one-by-one, erasing its tracks along the way and making it nearly impossible to detect.
You’ve Got (0-click) Mail! - ZecOps Blog
Following a routine iOS Digital Forensics and Incident Response (DFIR) investigation, ZecOps found a number of suspicious events affecting the default Mail application on iOS dating as far back as Jan 2018. ZecOps analyzed these events and discovered an exploitable vulnerability affecting Apple’s iPhones and iPads. ZecOps detected multiple triggers in the wild to this vulnerability on enterprise users, VIPs, and MSSPs, over a prolonged period of time.
The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS 13. Based on ZecOps Research and Threat Intelligence, we surmise with high confidence that these vulnerabilities – in particular, the remote heap overflow – are widely exploited in the wild in targeted attacks by an advanced threat operator(s).
...
ZecOps found that the implementation of MFMutableData in the MIME library lacks error checking for system call ftruncate() which leads to the Out-Of-Bounds write. We also found a way to trigger the OOB-Write without waiting for the failure of the system call ftruncate. In addition, we found a heap-overflow that can be triggered remotely.
We are aware of remote triggers of both vulnerabilities in the wild.
Both the OOB Write bug, and the Heap-Overflow bug, occurred due to the same problem: not handling the return value of the system calls correctly.
The remote bug can be triggered while processing the downloaded email; in such a scenario, the email won’t get fully downloaded to the device as a result.
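The bug class the ZecOps excerpt describes, an ignored ftruncate() return value, shown beside its hardened form. This is an added example, not code from the post, ZecOps or Apple; `struct fbuf` and every function name are hypothetical, and the failing descriptor is constructed (an empty temp file opened read-only) so the failure is deterministic.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical file-backed buffer (illustrative; not Apple's MFMutableData). */
struct fbuf { int fd; size_t len; /* bytes the code believes are backed */ };

/* Flawed pattern: ftruncate() result is discarded, len is updated anyway. */
static void fbuf_grow_unchecked(struct fbuf *b, size_t n) {
    int rc = ftruncate(b->fd, (off_t)n);
    (void)rc;                 /* failure silently ignored */
    b->len = n;               /* bookkeeping now disagrees with the file */
}

/* Hardened form: len changes only if the backing file really grew. */
static int fbuf_grow_checked(struct fbuf *b, size_t n) {
    if (ftruncate(b->fd, (off_t)n) != 0)
        return -1;            /* caller must abort the write */
    b->len = n;
    return 0;
}

/* Actual size of the backing file, or -1 on error. */
static long backing_size(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed failure case: an empty temp file opened read-only, so that
 * ftruncate() on the descriptor fails deterministically. */
static int open_failing_fd(void) {
    char path[] = "/tmp/fbufXXXXXX";
    int rw = mkstemp(path);
    if (rw < 0) return -1;
    int ro = open(path, O_RDONLY);
    close(rw);
    unlink(path);
    return ro;
}

int main(void) {
    struct fbuf a = { open_failing_fd(), 0 }, b = { open_failing_fd(), 0 };
    fbuf_grow_unchecked(&a, 4096);
    printf("unchecked: len=%zu file=%ld\n", a.len, backing_size(a.fd));
    printf("checked:   rc=%d len=%zu\n", fbuf_grow_checked(&b, 4096), b.len);
    return 0;
}
```

In the unchecked path the recorded length (4096) exceeds the real file size (0), which is the state in which a later write through a mapping sized from `len` goes out of bounds.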