Apple Inc is planning to fix a flaw that a security firm said may have left more than half a billion iPhones vulnerable to hackers.
The bug, which also exists on iPads, was discovered by ZecOps, a San Francisco-based mobile security forensics company, while it was investigating a sophisticated cyberattack against a client that took place in late 2019.
Zuk Avraham, ZecOps' chief executive, said he found evidence the vulnerability was exploited in at least six cybersecurity break-ins.
An Apple spokesman acknowledged that a vulnerability exists in Apple’s software for email on iPhones and iPads, known as the Mail app, and that the company had developed a fix, which will be rolled out in a forthcoming update on millions of devices it has sold globally.
Apple declined to comment on Avraham’s research, published on Wednesday, which suggests that the flaw could be triggered from afar and that it had already been exploited by hackers against high-profile users.
Avraham said he found evidence that a malicious program was taking advantage of the vulnerability in Apple’s iOS mobile operating system as far back as January 2018. He could not determine who the hackers were and Reuters was unable to independently verify his claim.
To execute the hack, Avraham said, victims would be sent an apparently blank email message through the Mail app, forcing a crash and reset. The crash opened the door for hackers to steal other data on the device, such as photos and contact details.
ZecOps claims the vulnerability allowed hackers to remotely steal data off iPhones even if they were running recent versions of iOS. By itself, the flaw could have given access to whatever the Mail app had access to, including confidential messages.
Avraham, a former Israeli Defense Force security researcher, said he suspected that the hacking technique was part of a chain of malicious programs, the rest undiscovered, which could have given an attacker full remote access. Apple declined to comment on that prospect.
ZecOps found the Mail app hacking technique was used against a client last year. Avraham described the targeted client as a “Fortune 500 North American technology company,” but declined to name it.
They also found evidence of related attacks against employees of five other companies in Japan, Germany, Saudi Arabia, and Israel.
Avraham based most of his conclusions on data from “crash reports,” which are generated when programs fail in mid-task on a device. He was then able to recreate a technique that caused the controlled crashes.
Two independent security researchers who reviewed ZecOps’ discovery found the evidence credible, but said they had not yet fully recreated its findings.
Patrick Wardle, an Apple security expert and former researcher for the U.S. National Security Agency, said the discovery “confirms what has always been somewhat of a rather badly kept secret: that well-resourced adversaries can remotely and silently infect fully patched iOS devices.”
Because Apple was not aware of the software bug until recently, it could have been very valuable to governments and contractors offering hacking services. Exploit programs that work without warning against an up-to-date phone can be worth more than $1 million.
While Apple is largely viewed within the cybersecurity industry as having a high standard for digital security, any successful hacking technique against the iPhone could affect millions due to the device’s global popularity. In 2019, Apple said there were about 900 million iPhones in active use.
Bill Marczak, a security researcher with Citizen Lab, a Canada-based academic security research group, called the vulnerability discovery “scary.”
“A lot of times, you can take comfort from the fact that hacking is preventable,” said Marczak. “With this bug, it doesn’t matter if you’ve got a PhD in cybersecurity, this will eat your lunch.”
Reuters
Wed Apr 22 2020
![Flaw in iPhone, iPads may have allowed hackers to steal data for years](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/http://img.astroawani.com/2019-09/41568171877_TBIPHONEpro.jpg)
ZecOps claims the vulnerability allowed hackers to remotely steal data off iPhones even if they were running recent versions of iOS. - File photo