Apple Inc is planning to fix a flaw that a security firm said may have left more than half a billion iPhones vulnerable to hackers.
The bug, which also exists on iPads, was discovered by ZecOps, a San Francisco-based mobile security forensics company, while it was investigating a sophisticated cyberattack against a client that took place in late 2019.
Zuk Avraham, ZecOps' chief executive, said he found evidence the vulnerability was exploited in at least six cybersecurity break-ins.
An Apple spokesman acknowledged that a vulnerability exists in Apple’s software for email on iPhones and iPads, known as the Mail app, and that the company had developed a fix, which will be rolled out in a forthcoming update on millions of devices it has sold globally.
Apple declined to comment on Avraham’s research, published on Wednesday, which suggests the flaw could be triggered from afar and had already been exploited by hackers against high-profile users.
Avraham said he found evidence that a malicious program was taking advantage of the vulnerability in Apple’s iOS mobile operating system as far back as January 2018. He could not determine who the hackers were and Reuters was unable to independently verify his claim.
To execute the hack, Avraham said, victims would be sent an apparently blank email message through the Mail app, forcing a crash and reset. The crash opened the door for hackers to steal other data on the device, such as photos and contact details.
ZecOps claims the vulnerability allowed hackers to remotely steal data off iPhones even if they were running recent versions of iOS. By itself, the flaw could have given access to whatever the Mail app had access to, including confidential messages.
Avraham, a former Israeli Defense Force security researcher, said he suspected that the hacking technique was part of a chain of malicious programs, the rest undiscovered, which could have given an attacker full remote access. Apple declined to comment on that prospect.
ZecOps found the Mail app hacking technique was used against a client last year. Avraham described the targeted client as a “Fortune 500 North American technology company,” but declined to name it.
They also found evidence of related attacks against employees of five other companies in Japan, Germany, Saudi Arabia, and Israel.
Avraham based most of his conclusions on data from “crash reports,” which are generated when programs fail in mid-task on a device. He was then able to recreate a technique that caused the controlled crashes.
Two independent security researchers who reviewed ZecOps’ discovery found the evidence credible, but said they had not yet fully recreated its findings.
Patrick Wardle, an Apple security expert and former researcher for the U.S. National Security Agency, said the discovery “confirms what has always been somewhat of a rather badly kept secret: that well-resourced adversaries can remotely and silently infect fully patched iOS devices.”
Because Apple was not aware of the software bug until recently, it could have been very valuable to governments and contractors offering hacking services. Exploit programs that work without warning against an up-to-date phone can be worth more than $1 million.
While Apple is largely viewed within the cybersecurity industry as having a high standard for digital security, any successful hacking technique against the iPhone could affect millions due to the device’s global popularity. In 2019, Apple said there were about 900 million iPhones in active use.
Bill Marczak, a security researcher with Citizen Lab, a Canada-based academic security research group, called the vulnerability discovery “scary.”
“A lot of times, you can take comfort from the fact that hacking is preventable,” said Marczak. “With this bug, it doesn’t matter if you’ve got a PhD in cybersecurity, this will eat your lunch.”
Reuters
Wed Apr 22 2020