Apple has denied claims that zero-day vulnerabilities in its Mail application for iOS have been actively used to target iPhone and iPad users.
This followed a report that outlined two critical flaws in the software suite's mail client, which could have allowed hackers to scrape information from the target device.
The report from security firm ZecOps stated, “with high confidence”, that the newly discovered flaws have been widely exploited in the wild. However, while Apple has acknowledged the existence of the bugs, it says it has found “no evidence they were used against customers.”
- Major Apple security flaws leave iPhone and iPad devices open to attack
- Apple reversed plans for fully encrypted backups
- Apple slams Google for 'stoking fear' among iPhone users
Apple security flaws
Apple is widely praised for its excellent digital security standards and watertight code, and is understandably eager to preserve its reputation.
The company disputes ZecOps’ assertion that the flaws have been used to attack multiple high-profile targets, including employees of a Fortune 500 company and an executive at a Japanese telecoms firm.
In its written riposte, Apple claims to have conducted a full enquiry, which unearthed no evidence to suggest the vulnerabilities have been exploited in the wild.
“We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users,” said Apple.
“The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.”
ZecOps, meanwhile, is sticking firmly to its resolve. The company says it has access to evidence the bugs were used to assault “a few organizations” and has promised to share intelligence with Apple once a full software update has been made publicly available.
- Here's our list of the best antivirus services on the market
Via Reuters
