“[W]e surmise with high confidence that these vulnerabilities … are widely exploited in the wild in targeted attacks by an advanced threat operator(s)”, says the report.
It recommends that you disable Mail and use an alternative email app such as Gmail or Outlook until the next iOS update gets to you.
The flaw in iOS 13, the latest version of iOS, can exploit a person’s account without them even opening the email, known as a zero click attack. All it requires is for Mail to be open in the background on the device and an email can allow a hacker to infect it.
In iOS 12, it is claimed that a person would have to click on the email for a similar attack to occur. ZecOps says it has recreated the attack in its labs and informed Apple of the potential bug last month.
It says Apple has already fixed the issue in a patch on the latest beta of iOS, and that a public fix will come soon in a point update to all compatible iPhones and iPads.