Warning Date: 24 April, 2020

Severity Level ● Critical

Warning Number: 2020-1173

Target Sector: All

One of the cybersecurity companies reported two zero-day vulnerabilities that exist in the default mailing application that is pre-installed on iPhones and iPads.

The attacker could exploit these vulnerabilities by sending an email to any targeted individual with his email account logged-in to the vulnerable app, which will then allow for remote code execution capabilities without the need for any intervention or interaction from the victim. Users may notice a temporary slowdown or a sudden crash of the Mail application.

Apple has clarified that they take all reports of security threats seriously. They have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to the users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and they have found no evidence they were used against customers.

These potential issues will be addressed in a software update soon.

Saudi CERT from its side, shall communicate and follow up with Apple for any update. In the event of any patch or mitigation from Apple, it will be acknowledged later.