Researchers say they’ve uncovered rare exploits that allow hackers to infiltrate Apple’s lauded iOS.
‘We concluded with high confidence that it was exploited in the wild,’ Zuk Avraham, the founder of ZecOps, told Motherboard.
‘One of [the vulnerabilities] we clearly showed that it can be triggered remotely, the other one requires an additional vulnerability to trigger it remotely.’
The exploits are a rare lapse in iOS security that researchers say has been used to hack individuals at American companies and a ‘German VIP’ (stock)
The remote vulnerability is especially dangerous according to researchers since it doesn’t require a victim to ‘click’ or interact with anything in order to be exploited.
While ZecOps didn’t elaborate on what, if anything, the hacks stole or who may be using them, the firm did say that they targeted people working for major companies in the US, ‘a German VIP’, an executive in Japan and a journalist from Europe.
Zuk Avaraham, the founder of ZecOps, told Motherboard that the flaws were exploited by ‘someone who wants to get privileged access’ to a target’s device.
ZecOps says the exploit was leveraged Apple’s mail app and was likely purchased from a third-party by a nation-state looking to use the flaw for surveillance.
As noted by Motherboard, zero-day exploits like the one discovered by ZecOps are flaws that have not been identified by the companies that they affect and are rarely discovered in Apple’s iOS.
Zero-day iOS flaws are rarely discovered but are often exploited by nation-states and other organized cyber espionage groups (stock)
Zero-day flaws are also rarely spotted ‘in the wild’ meaning they haven’t been identified by a company or service. This is because they are often used by sophisticated hackers who cover their tracks after leveraging the exploit.
The flaws have been reported to Apple and according to Motherboard, they will be patched in an upcoming update for iOS 13.
Though the exploits aren’t likely being used against people en masse, Motherboard says users can safely guard against the flaw by deleting the Mail app from their phones.