Apple has responded to reports over two new vulnerabilities found in the iOS Mail app.
The company has said that the flaws in the operating system don’t pose an “immediate threat” to users but promised that iOS 13.4.5 (currently in beta) would patch the issues.
Earlier in the week, security giant ZecOps reported that Apple’s official Mail app featured two previously-unknown vulnerabilities, which would allow attackers to delete and modify user emails, provided it got into the wrong hands and emails could be remotely accessed.
ZecOps suggested that the vulnerability could be exploited by sending crafted emails that were designed to trigger faults in the operating system.
Once opened, those emails could be used to run remote code and attack email accounts opened on iOS.
Speaking of the flaw, Apple played down the severity of the issue, saying: “Apple takes all reports of security threats seriously.
“We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users.
“The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.”
Apple added that it was grateful for the input from security researchers who help to make iOS safe and secure and that in future, they will credit the person who discovered the iOS vulnerability.
iOS updates typically feature patch notes where researchers are identified.
Are you concerned about this vulnerability? Do you think Apple should act faster to fix issues with its code? Let us know your thoughts and check back soon for more news and rumors.
