The vulnerabilities of the mail application allow attackers to take complete control over Apple devices remotely by simply sending an email to any targeted individual. These flaws which resides in the MIME library of the Apple mailing application are triggered while processing the contents of an email and they are critical hence it can be exploited with 'zero-click,' which means that no action is required from the targeted user.
According to the researchers at ZecOps, when these flaws are exploited most iOS users are unlikely to notice. Major flaws that have been identified are remote code execution and the heap overflow issue. These issues are identified in the current iOS 13.4.1 version and there is no security patch available at present, although Apple has patched both vulnerabilities in iOS 13.4.5 beta version, which is to be released soon.
- Leakage of personal information such as usernames and passwords.
- Slowdown of mobile mail application.
- Disclosure, modification and deletion of emails.
- Do not to use Apple built-in mail application until a patch is available (iOS version 13.4.5 is released).
- Use an alternative mail application
The information provided herein is on "as is" basis, without warranty of any kind.
Source: Sri Lanka CERT|CC