yuge ios email vulnerability - 0 click ownage

clu

Contributor
Veteran XX
sad - many such cases

Apple iPhone mail app vulnerable to hacking, new research says - The Washington Post

Hackers gained access to iPhones through a sophisticated security flaw in Apple’s built-in email app that Apple hasn’t yet fixed, according to research by a cybersecurity firm.

ZecOps began conducting research after finding suspicious lines of code on iPhones belonging to a client. Customers of ZecOps, a two-year-old firm with offices in San Francisco, instruct their employees to connect their iPhones to a computer or kiosk that uploads data logs to a central server, where they are analyzed for suspicious activity.

Zuk Avraham, the chief executive and co-founder of ZecOps, said the code stood out because it wasn’t found on many other iPhones. Avraham and others at the company investigated it for months, eventually discovering that it was connected to a previously unknown flaw in Apple’s email app. It alerted Apple, which is in the process of fixing the flaw, he said.

...

Like the attack suspected on Bezos’s phone, the hack that ZecOps says it discovered is referred to as a “zero click” attack. While less sophisticated attacks require the victim to click on a link, usually in a phishing email or text message, a zero click exploit requires no participation on the part of the victim. In this case, the perpetrators can send an email to the victim containing the malicious code. That code can then set off a chain reaction, called an “exploit chain,” that knocks down the phone’s defenses one-by-one, erasing its tracks along the way and making it nearly impossible to detect.

You’ve Got (0-click) Mail! - ZecOps Blog

Following a routine iOS Digital Forensics and Incident Response (DFIR) investigation, ZecOps found a number of suspicious events affecting the default Mail application on iOS dating as far back as Jan 2018. ZecOps analyzed these events and discovered an exploitable vulnerability affecting Apple’s iPhones and iPads. ZecOps detected multiple triggers in the wild to this vulnerability on enterprise users, VIPs, and MSSPs, over a prolonged period of time.

The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS 13. Based on ZecOps Research and Threat Intelligence, we surmise with high confidence that these vulnerabilities – in particular, the remote heap overflow – are widely exploited in the wild in targeted attacks by an advanced threat operator(s).

...

ZecOps found that the implementation of MFMutableData in the MIME library lacks error checking for system call ftruncate() which leads to the Out-Of-Bounds write. We also found a way to trigger the OOB-Write without waiting for the failure of the system call ftruncate. In addition, we found a heap-overflow that can be triggered remotely.

We are aware of remote triggers of both vulnerabilities in the wild.

Both the OOB Write bug, and the Heap-Overflow bug, occurred due to the same problem: not handling the return value of the system calls correctly.

The remote bug can be triggered while processing the downloaded email; in such a scenario, the email won’t get fully downloaded to the device as a result.
 
apparently apple is downplaying this and some sites claim that the firm who found this is trying to gain street cred. apple's statement seems to have a few gaps in it, so time will tell. i only posted this since it didn't show up in my google news feed but ars technica and the verge covered it a little. some people's info might be on the dark net so i thought i'd share
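
The bug class named in the ZecOps excerpt above (an unchecked ftruncate() return value on a file-backed buffer), shown from the defensive side as an added example that is not part of the original post and not Apple's or ZecOps's code. The `fbuf` type, its functions and the `demo` helper are hypothetical names; the sketch only shows a grow-then-write routine that changes its recorded length after every system call has succeeded.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical file-backed growable buffer (illustrative; not Apple's MFMutableData). */
struct fbuf { int fd; unsigned char *map; size_t len; };

/* Grow backing file and mapping; b->len changes only if every call succeeded. */
static int fbuf_resize(struct fbuf *b, size_t new_len) {
    struct stat st;
    if (ftruncate(b->fd, (off_t)new_len) != 0)  /* the check described as missing */
        return -1;
    if (fstat(b->fd, &st) != 0 || (size_t)st.st_size != new_len)
        return -1;                              /* confirm the file really grew */
    void *m = mmap(NULL, new_len, PROT_READ | PROT_WRITE, MAP_SHARED, b->fd, 0);
    if (m == MAP_FAILED) return -1;
    if (b->map) munmap(b->map, b->len);
    b->map = m; b->len = new_len;
    return 0;
}

/* Append n bytes; on any failure nothing is written and the length is unchanged. */
int fbuf_append(struct fbuf *b, const void *src, size_t n) {
    size_t old = b->len;
    if (n == 0) return 0;
    if (n > SIZE_MAX - old) return -1;          /* length arithmetic must not wrap */
    if (fbuf_resize(b, old + n) != 0) return -1;
    memcpy(b->map + old, src, n);
    return 0;
}

/* Constructed demo: read_only=1 makes ftruncate() fail. Returns length after append. */
long demo(int read_only) {
    char path[] = "/tmp/fbufXXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (read_only) { close(fd); fd = open(path, O_RDONLY); }
    struct fbuf b = { fd, NULL, 0 };
    int rc = fbuf_append(&b, "hello", 5);
    long out = (rc == 0 && memcmp(b.map, "hello", 5) != 0) ? -2 : (long)b.len;
    if (b.map) munmap(b.map, b.len);
    close(fd); unlink(path);
    return out;
}
int main(void) { printf("%ld %ld\n", demo(0), demo(1)); return 0; }
```

The read-only descriptor stands in for any reason ftruncate() can fail; in that case the append is refused and the recorded length stays at its old value.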
 
I assume all email is vulnerable so I don’t put anything in an email that can be used like cc info, ssn etc. I only use email for work anyway. Essential heroic work, not that BS IT work. I could never thrive on hot pockets and coke.

I am a Hero. Hello good citizen, I’m your local industrial hero. Wait, I think it’s industrial whore. What’s the difference? Hero, whore, potato, projectile, namaste
 
not gonna fuck w/ me b/c i don't use mail on my iphone (i'm successful so i have an iphone)

i keep my mail on my fat boy pc w/ thunderbird (it's outlook for (((ppl))) w/ penises and neckbeards)
 