Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bjoern_Baumann
Participant

Apple iOS Mail App vulnerability

Hi,

 

all I could find from Check Point regarding the iOS Apple mail app vulnerability is:

"On Apr 22nd 2020, 2 new iOS vulnerabilities in iOS native email client application were disclosed. The vulnerabilities affect all versions from iOS 6 including iOS 12 and iOS13 till date. These, in combination with another vulnerability an attacker might poses might enable RCE (Remote Code Execution) in the Mail app context, allowing an attacker to steal all email information. The vulnerability is exploited by a malicious crafted email that requires 0-click (iOS 13) or 1-click (opening the email, in iOS 12). This can also be used as part of a vulnerability chain for gaining full access to the device.

A security patch from Apple is now in beta and an official security patch was not yet released.

Until a security patch is released we recommend disabling the native email app and working with other email clients.

Once a security patch is released, SandBlast Mobile can help alert and enforce device updates to the latest security patch.

In case this attack will be used as part of an exploit chain to gain full access on the device, and the device will be jailbroken, SandBlast Mobile will detect it and raise an alert.

In case this attack will be used to steal data from the mobile device by using network connections to a remote command and control server – On-Device Network Protection (ONP) is designed to block such attempts."

 

If we are talking about business emails, which are received on the mobile via a company mailserver standing behind a Check Point firewall, is there a possibility to prevent this kind of attacks?

 

Kind regards

Bjoern

0 Kudos
2 Replies
Bjoern_Baumann
Participant

0 Kudos
_Val_
Admin
Admin

So you are basically answering your own question 🙂

0 Kudos