Apple has recently confirmed that one of its oldest vulnerabilities has affected millions of iPhone users and at the time of writing, things are not looking good. Back in April, Apple acknowledged that every iPhone that has been launched in the past years was prone to remote attacks through the iOS Mail app. However, at the time of the official statement, Apple did say that this is not as severe as it may sound.
However, a report from security specialist ZecOps talks about how the triggers for this vulnerability have existed in almost every single iPhone ever made. To make matters worse, last year, Apple confirmed that there are 900 million active iPhones at the moment. So, at this point, it can only be said that the number has exceeded even further.
The MailDemon Vulnerability Resides in Almost Every Active iPhone In the World
The original report also talks about how Apple is continuously downplaying the severity of this issue. However, at the same time, they have talked about fixing the vulnerability in the iOS 13.5; which will be available for iPhone 6s and newer. However, the biggest concern here is just what exactly is going to happen to the older iPhone devices that are more or less still active.
At the moment, there is no fix that can prevent the trigger. However, the safest course of action would be to disable the iOS Mail app and use either Gmail or some other client that is trusted enough.
Despite Apple not admitting the severity of the issue, other bodies are taking notice and putting actions in play, as well. For instance, Germany’s Federal Office of Information Security has issued a statement that talks about removing the iOS Mail App. According to the BSI President Arne Schönbohm, these vulnerabilities are critical at best. Since they allow the attackers to manipulate larger parts of email communication that is taking place between devices. Additionally, they even talk about how since there is no patch available at the moment, this leaves countless Apple devices vulnerable to all sorts of attacks. If attackers want, they can target anyone with an iPhone.
As stated before, iOS 13.5 should be fixing the issue and the majority of Apple devices will get this update. The same, however, cannot be said about the devices that came before the iPhone 6s series hit the shelves. With iPhone SE recently launched and iPhone 12 coming later this year, Apple should be focusing on making sure that the iPhone remains as secure as it possibly can be.