Skip to main content

Massive iPhone security flaw left millions of phones vulnerable to hacks

Over half a billion iPhones are vulnerable to hackers, and iPads are susceptible, too — and Apple is still working to deploy its fix.

The issue — which was discovered by cybersecurity company ZecOps exec Zuk Avraham — lies with Apple’s Mail app, which leaves devices vulnerable to hackers, according to Reuters.

Avraham found a malicious program was exploiting the bug as far back as January 2018, though he’s not sure who was behind the program. He said iPhone owners who were affected were sent a blank email message that crashed the app and forced a reset.

Owners didn’t even have to open the message for the crash to happen, according to The Wall Street Journal. The Mail app downloading it was enough. Hackers could then access the device’s photos, contact, and other data. The vulnerability also left the Mail app susceptible to hackers, including the ability to see private messages.

Avraham doesn’t believe many people have been targeted by the malicious program. Apple said it’s fixed the issue, but it hasn’t yet widely deployed the patch via an update yet.

“Apple takes all reports of security threats seriously,” an Apple spokesperson said in an email Friday to Digital Trends. “We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance.”

Though Apple often touts the security of its products, this isn’t the first vulnerability researchers have found this year. In February, software developers found a flaw in Apple iOS’s copy-and-paste system. It affected both iPhones and iPads.

If you hit copy on some text on your device, it would assume you wanted to paste it into the next app you open. But if you accidentally hit copy and opened a different app, it would still be able to access whatever you copied. Essentially, any app or widget would be able to “see” whatever you had copied, if you opened it right after.

Tommy Mysk, one of the developers who found the problem, told Digital Trends that you can help combat the issue by disabling Universal Clipboard on your device.

If you’re wary about having the Mail app on your iPhone or iPad while waiting for Apple to deploy an update for the issue, you can always delete it.

Patrick Wardle, a security researcher at Jamf Software LLC, told the Wall Street Journal that’s probably unnecessary, as the malicious program seems very limited in reach at this point.

Editors' Recommendations

Jenny McGrath
Former Digital Trends Contributor
Jenny McGrath is a senior writer at Digital Trends covering the intersection of tech and the arts and the environment. Before…
iOS 17 is official, and it’s going to totally change your iPhone
iOS 17 overview.

Apple has just revealed iOS 17 at its Worldwide Developer Conference (WWDC) keynote. This is the next major update for Apple’s iPhone hardware, which will publicly launch in the fall alongside the iPhone 15. However, those who are in Apple’s Developer Program can get ahold of the iOS 17 beta today, while those who are enrolled in Apple’s Beta Software Program can grab the beta in July.

In addition to the usual bug fixes and improvements, iOS 17 is bringing a lot of new features to the table as well. Here’s a rundown of all of iOS 17’s major changes.
Changes to Phone, FaceTime, and Messages

Read more
Apple is adding a brand new app to your iPhone with iOS 17
Journal app for iOS 17.

Apple is adding a new first-party app called Journal with the introduction of iOS 17, the company announced today during WWDC 2023. Journal is, as its name simply states, a new place for iPhone users to keep track of their daily activities, log their emotional health, and jot down anything else that they want to write about.

Apple has continued to lean into its first-party health and wellness iOS apps with things like Fitness, Sleep, and Breathe, and now Journal will be joining their ranks as the company's first attempt at an app that focuses on mental well-being.

Read more
I put the iPhone’s Dynamic Island on my Pixel 7 Pro — and I can’t go back
The expanded DynamicSpot Dynamic Island at the top of the Pixel 7 Pro.

The Apple iPhone 14 Pro got a big refresh last year, and key to that was a new selfie camera design with a pill-shaped cutout. Only, this is no normal hole -- it's the home of a new feature, the oddly-named "Dynamic Island." It's a notification bubble that lives behind the selfie camera that displays information like music tracks, timers, and anything else you need to know, but don't need a full screen for. If you're playing music on Spotify, it'll display the track name and controls. If someone calls you, it'll show the person's contact information. Waiting for an Uber? It'll show you how far away it is. It's even tied into the Face ID unlock process. It's a great use of the selfie camera — and one with a bright future.

At least, that's what we thought. The Dynamic Island has had a tough start, as app support was extremely limited, meaning it didn't live up to Apple's promises. This persisted for a number of months before the Dynamic Island finally got what it needed to live up to its hype.

Read more