Researchers from the American cybersecurity company ZecOps published, on Monday 20 April 2020, a vulnerability in Apple Mail, the default mail application, on mobile devices such running Apple iOS or iPadOS. This vulnerability in the iOS Mail application allows hackers to control emails and threatens the security of millions of iPhone and iPad users, regardless of their version of iOS. While for iOS12 and lower versions a malicious e-mail must be viewed to activate the attack, under iOS 13 the simple reception of such a crafted message is enough to make it effective.
Take security measures
At this time, no widespread attack has been observed, however the risk is real considering the importance of e-mail for all kinds of operations. Therefore, the Restena Foundation advises its more than 25,000 e-mail account users, including many teachers in Luxembourg, to take appropriate security measures and temporarily stop using Apple Mail as e-mail software on their mobile phones and tablets.
However, Apple desktops and laptops are not vulnerable, as they are running a different operating system: OSX. Thus, the use of the Mail app on Mac is not considered an issue.
An app to be disabled until next update
Users are invited to disable the Apple Mail application until the next version of iOS (version 13.4.5) is available by deactivating email handling in the settings of vulnerable devices. The steps to follow are shown in the following description published by the Restena Foundation: 'Désactiver son compte e-mail dans l'application iOS-App « Mail » sur iPad et iPhone', French only.
As long as the update is not available, it is possible to use the secure webmail interface (webmail.restena.lu) provided by the Restena Foundation, or to install a different messaging software, such as Outlook. In the short term, the Webmail interface is to be preferred since it does not require the installation and configuration of a messaging software: only a web browser (usually Safari on Apple devices) is required to access e-mail without technical knowledge.