Skip to main content

Massive iPhone security flaw left millions of phones vulnerable to hacks

Over half a billion iPhones are vulnerable to hackers, and iPads are susceptible, too — and Apple is still working to deploy its fix.

The issue — which was discovered by cybersecurity company ZecOps exec Zuk Avraham — lies with Apple’s Mail app, which leaves devices vulnerable to hackers, according to Reuters.

Avraham found a malicious program was exploiting the bug as far back as January 2018, though he’s not sure who was behind the program. He said iPhone owners who were affected were sent a blank email message that crashed the app and forced a reset.

Owners didn’t even have to open the message for the crash to happen, according to The Wall Street Journal. The Mail app downloading it was enough. Hackers could then access the device’s photos, contact, and other data. The vulnerability also left the Mail app susceptible to hackers, including the ability to see private messages.

Avraham doesn’t believe many people have been targeted by the malicious program. Apple said it’s fixed the issue, but it hasn’t yet widely deployed the patch via an update yet.

“Apple takes all reports of security threats seriously,” an Apple spokesperson said in an email Friday to Digital Trends. “We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance.”

Though Apple often touts the security of its products, this isn’t the first vulnerability researchers have found this year. In February, software developers found a flaw in Apple iOS’s copy-and-paste system. It affected both iPhones and iPads.

If you hit copy on some text on your device, it would assume you wanted to paste it into the next app you open. But if you accidentally hit copy and opened a different app, it would still be able to access whatever you copied. Essentially, any app or widget would be able to “see” whatever you had copied, if you opened it right after.

Tommy Mysk, one of the developers who found the problem, told Digital Trends that you can help combat the issue by disabling Universal Clipboard on your device.

If you’re wary about having the Mail app on your iPhone or iPad while waiting for Apple to deploy an update for the issue, you can always delete it.

Patrick Wardle, a security researcher at Jamf Software LLC, told the Wall Street Journal that’s probably unnecessary, as the malicious program seems very limited in reach at this point.

Editors' Recommendations

Jenny McGrath
Former Digital Trends Contributor
Jenny McGrath is a senior writer at Digital Trends covering the intersection of tech and the arts and the environment. Before…
It looks like the iPhone 16 will get a big design upgrade
Someone holding the Natural Titanium iPhone 15 Pro Max.

Following the release of the iPhone 15 Pro series, several early adopters reported overheating issues. Apple later confirmed that the problem was caused by a software bug in iOS 17, which affected some owners of the phones. The company quickly resolved the issue with the release of iOS 17.0.3 and never acknowledged that hardware played a role in the overheating. Fast-forward to the present, and it now looks like Apple plans to make hardware changes on the iPhone 16 that would make the 2024 handsets less likely to overheat.

According to Apple prototype collector Kosutami, Apple will make two changes to the next round of iPhones. On X, formerly Twitter, they note: "Apple is actively working on graphene thermal system of iPhone 16 Series to solve the heating problem existing before. And the battery of Pro series would change to metal shell, for the same reason."

Read more
It’s finally happening — your iPhone is getting RCS in 2024
iMessage on an iPhone 14 Pro Max, plus iMessage on an Android phone using the Beeper app.

Today is a day I truly didn't expect would ever happen. On November 16, 2023, Apple officially confirmed that RCS texting is finally coming to the iPhone in 2024.

Yes, you read that correctly. Starting "later next year," Apple will add RCS support to the iPhone. In other words, if you have an Android phone and are texting someone with an iPhone, you'll be able to text each other over RCS instead of SMS. That means you'll get many iMessage-like features such as typing indicators, read receipts, higher-resolution photo/video sharing, etc.

Read more
How I use my Apple Watch and iPhone to manage my diabetes
iPhone 15 Pro showing One Drop app and kit.

It’s November, which means it’s Diabetes Awareness Month, with World Diabetes Day recently happening on November 14. According to data from the Apple Heart and Movement Study (AHMS) and Apple Women’s Health Study (AWHS), there are about 537 million adults worldwide who are currently living with diabetes, with that number potentially reaching 643 million by 2030. In the U.S. alone, about two out of five people will develop diabetes in their lifetime, and more than one in three adults have elevated glucose levels that put them in the pre-diabetes zone.

I was pre-diabetic since my college years (it runs in both sides of my family), but then my doctor officially diagnosed me with Type 2 diabetes around early 2018. However, I was told that my case was more “mild” than others and that taking some medication — while also cutting out carbs and sweets, plus daily exercise — can help me keep it under control.

Read more