Apple has found no evidence that recently discovered vulnerabilities in the native iOS Mail app have been exploited by hackers, the company said in a statement. “We have found no evidence that they have been used against customers,” the company said. It was also doubted that the problems that had arisen in both the iPhone and iPad versions of the Mail app were sufficient to bypass the security protection of the two devices.
Apple’s response directly contradicts claims by security researchers at ZecOps that they have found evidence that the exploit is being used against at least six high-profile targets. The errors allowed a hacker to infect a device by simply sending them a specially crafted email and the victim opening it. At the time, ZecOps said it had “great confidence”
Apple said the security vulnerabilities claimed by ZecOps up to iOS 6 pose no immediate risk to its users and will be addressed in an upcoming software update. When the vulnerabilities were originally disclosed, ZecOps said that Apple had already fixed the problems in the beta version of Apple Mail.
According to the research firm’s original report, some members of the security community – including a Google Project Zero researcher – questioned its claims that the problems in the wild had been exploited. ZecOps had said the goals not mentioned included a manager at a mobile operator in Japan and people from Fortune 500 companies in North America.
Apple’s full statement is below:
“Apple takes all reports of security threats seriously. We have thoroughly researched the researcher’s report and, based on the information provided, have concluded that these issues are not an immediate risk to our users. The researcher identified three issues in Mail, but by themselves, they’re not enough to bypass iPhone and iPad security protection, and we haven’t found any evidence that they were used against customers. These potential problems will be addressed in a software update shortly. We value our collaboration with security researchers to ensure the safety of our users and will attribute their support to the researcher. “