Zero-click, zero-day flaw in iOS Mail ‘exploited to hijack’ VIP smartphones. Apple rushes out beta patch


Apple has reportedly patched a pair of critical vulnerabilities in iOS that are being exploited by what appears to be government-backed hackers to spy on high-value targets. Think senior executives, journalists, managed security service providers, and similar.

ZecOps bods this week claimed the bugs are buried within the iOS Mail application, and can be abused to achieve remote code execution without the victim ever needing to open a booby-trapped message. The device just has to receive and process the incoming email, specially crafted to exploit Apple’s programming blunders, and malicious code embedded in the message will be executed, we’re told. This code can then snoop on and meddle with the victim’s online activities.

Read more…