Researchers uncover a rare iPhone error that allows hackers to access Apple’s iOS operating system remotely
- The exploit has likely been used to access target devices
- The error uses Apple’s Mail app to gain privileged access to a device
- Employees for American companies and a ‘German VIP’ were targets
- The bug has been reported to Apple and will be patched in an iOS 13 update
Investigators say they have uncovered rare exploits that allow hackers to infiltrate Apple’s acclaimed iOS.
“We concluded with great confidence that it was being exploited in the wild,” Zuk Avraham, the founder of ZecOps, told Motherboard.
‘One of the [the vulnerabilities] we clearly showed that it can be activated remotely, the other one needs an extra vulnerability to activate it remotely. ‘
The exploits are a rare decline in iOS security, which researchers say has been used to hack individuals into U.S. companies and a “ German VIP ” (inventory)
The remote vulnerability is particularly dangerous, according to researchers, because it doesn’t require a victim to ‘click’ or interact with anything to be exploited.
While ZecOps didn’t go into more detail about what the hacks stole or who might use them, the company did say it targeted people who worked for large companies in the US, “a German VIP,” an executive in Japan, and a journalist from Europe.
Zuk Avaraham, the founder of ZecOps, told Motherboard that the flaws were exploited by “someone who wants privileged access” to a target’s device.
ZecOps says the exploit has used Apple’s email app and was likely purchased from a third party by a nation-state that wants to use the bug for surveillance.
As noted by Motherboard, zero-day exploits as discovered by ZecOps are flaws that have not been identified by the companies that affect them and are rarely discovered in Apple’s iOS.
Zero-day iOS flaws are rarely discovered, but are often exploited by nation states and other organized cyber-espionage groups (inventory)
Zero day errors are also rarely noticed ‘in the wild’, meaning they have not been identified by a company or service. This is because they are often used by sophisticated hackers who cover up their tracks after using the exploit.
The flaws have been reported to Apple, and according to Motherboard, they will be patched in an upcoming update for iOS 13.
While the exploits aren’t likely to be used en masse against humans, Motherboard says users can safely protect themselves against the error by removing the Mail app from their phones.