A SEVERE flaw in Apple’s iPhone software may have left millions of users at risk of having their emails hacked.
Cyber-experts said that at least six high-profile victims were targeted using the bug – and millions more could be vulnerable.
The bug is believed to have been present in iPhone versions going back to iOS 6, which came out in 2012.
Experts at ZecOps say the flaw affects Mail – Apple’s own email app that comes installed on all iPhone models by default.
The bug is known as a “zero click” attack, because victims can be hacked simply by opening an email.
Once a device is compromised, hackers can then delete the offending email – wiping key evidence of the attack.
The attack lets hackers read, edit and delete any emails within the Mail app.
You might not even know you’ve been attacked.
The message could appear blank, but contains secret code designed to compromise the system.
This email would crash the Mail app, giving hackers access to the iPhone during reboot.
Users wouldn’t need to visit any criminal websites, download any rogue attachments or click any links – making the attack particularly difficult to avoid.
“Besides a temporary slowdown of mobile mail application, users should not observe any other anomalous behavior,” ZecOps explained.
“When the exploit fails on iOS 12 – users may notice a sudden crash of the Mail application.
“On iOS 13, besides a temporary slowdown, it would not be noticeable. Failed attacks would not be noticeable on iOS 13 if another attack is carried afterwards and deletes the email.
“In failed attacks, the emails that would be sent by the attacker would show the message: ‘This message has no content’.”
According to ZecOps, Apple wasn’t aware of the bug until being alerted by researchers in March.
The bug is believed to persist right through to the latest update to iOS 13, but has been fixed in a beta test version of the software.
Cyber-experts warn that the bug was used to target a Fortune 500 company in America, as well as journalists and tech workers.
In a statement, an Apple spokesperson said: “Apple takes all reports of security threats seriously.
“We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users.
“The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.
“These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance.”
How to stay safe from iOS email bug
There are a few ways to avoid being caught up in this hack attack.
Firstly, Apple has reportedly fixed the issue in a beta version of iOS 13.
Beta updates can take a few weeks to make it to the general release version of iOS, however.
Check your iPhone regularly for updates to make sure you’ve got the latest security fixes.
In the meantime, you can simply avoid using the Mail app.
You could switch to an alternative like Google’s Gmail app, which doesn’t appear to be affected by this bug.
Once the issue is resolved, you can go back to using Apple’s Mail app.