- CheckMates
- :
- Products
- :
- Quantum
- :
- Threat Prevention
- :
- Apple iOS Mail App vulnerability
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Apple iOS Mail App vulnerability
Hi,
all I could find from Check Point regarding the iOS Apple mail app vulnerability is:
"On Apr 22nd 2020, 2 new iOS vulnerabilities in iOS native email client application were disclosed. The vulnerabilities affect all versions from iOS 6 including iOS 12 and iOS13 till date. These, in combination with another vulnerability an attacker might poses might enable RCE (Remote Code Execution) in the Mail app context, allowing an attacker to steal all email information. The vulnerability is exploited by a malicious crafted email that requires 0-click (iOS 13) or 1-click (opening the email, in iOS 12). This can also be used as part of a vulnerability chain for gaining full access to the device.
A security patch from Apple is now in beta and an official security patch was not yet released.
Until a security patch is released we recommend disabling the native email app and working with other email clients.
Once a security patch is released, SandBlast Mobile can help alert and enforce device updates to the latest security patch.
In case this attack will be used as part of an exploit chain to gain full access on the device, and the device will be jailbroken, SandBlast Mobile will detect it and raise an alert.
In case this attack will be used to steal data from the mobile device by using network connections to a remote command and control server – On-Device Network Protection (ONP) is designed to block such attempts."
If we are talking about business emails, which are received on the mobile via a company mailserver standing behind a Check Point firewall, is there a possibility to prevent this kind of attacks?
Kind regards
Bjoern
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In the meantime Check Point published additional information's:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So you are basically answering your own question 🙂
