Here’s the initial story:
Affecting the ios stock email app
: It’s important to understand the following:
These bugs alone cannot cause harm to iOS users – since the attackers would require an additional infoleak bug & a kernel bug afterwards for full control over the targeted device.
“Both bugs were already disclosed during the publicly available beta update. The attackers are already aware that the golden opportunity with MobileMail/maild is almost over and they will likely use the time until a patch is available to attack as many devices as possible.
With very limited data we were able to see that at least six organizations were impacted by this vulnerability – and the potential abuse of this vulnerability is enormous. We are confident that a patch must be provided for such issues with public triggers ASAP.”
Lol. Guess it’s better to be informed than not even if it’s mostly false alarm click baity headlines. The good thing about learning of potential exploits for me is gaining a better understanding of our extra appendage (your phone, not the other appendage,) and keeping me aware that even though we have become so comfortable with devices and we trust them, it is a false sense of safety and security. I would love to infiltrate a zero day exploit group, to learn what exploits and software are being used by individuals and by countries like Israel who has one of the best cyber security sectors in the world. Or even just learning the secrets of cyber security companies that sell zero days to the highest bidder.
Long post basically to say I want to know the current capabilities so that I can protect myself but also, like watching a horror movie, I want the shock value of such information. There are exploits out that with capabilities that would shock us all I bet. Closely guarded and eyes only top secret, I wonder how and where such information can be gained.
Apple issued patches:
In the interim, the only mitigation for these flaws is to disable any email accounts that are connected to the iOS Mail application, and use an alternative application, such as Microsoft Outlook or Google’s GMail,” Narang wrote.
Haha wth, why wouldn’t he recommend applications that are more secure? Outlook and gmail get mined by their respective companies.