The default email client Mail in the iOS operating system allows attackers to steal information, including personal data, used during registration on cryptocurrency exchanges. The vulnerability was discovered by ZecOps cybersecurity company researchers.
The application allows you to connect the email of several providers. The device is infected through a letter sent to the mail with a special attachment. Moreover, the vulnerability can be activated even before the letter is fully downloaded. It absorbs significant amounts of iPhone or iPad memory and causes a short-term malfunction of the operating system.
With the help of the vulnerability, hackers steal photos, information about contacts, and can also modify and delete user emails, which potentially provides them with access to the data used during registration on bitcoin exchanges.
According to ZecOps, the vulnerability is present in Apple devices with at least iOS 6, that is, since September 2012.
Hackers have already exploited it on devices running iOS 11, 12 and 13. Their victims were residents of North America, Japan, Saudi Arabia, Israel, Germany and other countries. Whether these users were harmed is not reported.
Apple has already been notified of the vulnerability and partially fixed it. It is recommended that users whenever possible update the system, disable manual automatic data download and the “Push” option on the “Passwords and Accounts” tab and install an alternative email client.
In April, because of a critical vulnerability on the Bisq exchange, attackers withdrew $ 250,000 in BTC and XMR.