MacRumors

macrumors bot
Original poster
Apr 12, 2001
53,432
15,162


Apple has responded to a recent report on vulnerabilities discovered in its iOS Mail app, claiming the issues do not pose an immediate risk to users.


Earlier this week, San Francisco-based cybersecurity company ZecOps said it had uncovered two zero-day security vulnerabilities affecting Apple's stock Mail app for iPhones and iPads.

One of the vulnerabilities was said to enable an attacker to remotely infect an iOS device by sending emails that consume a large amount of memory. Another could allow remote code execution capabilities. Successful exploitation of the vulnerabilities could potentially allow an attacker to leak, modify, or delete a user's emails, claimed ZecOps.

However, Apple has downplayed the severity of the issues in the following statement, which was given to several media outlets.

"Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher's report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance."

The vulnerabilities are said to impact all software versions between iOS 6 and iOS 13.4.1. ZecOps said that Apple has patched the vulnerabilities in the latest beta of iOS 13.4.5, which should be publicly released within the coming weeks. Until then, ZecOps recommends using a third-party email app like Gmail or Outlook, which are apparently not impacted.

Article Link: Apple Says Recently Discovered iOS Mail Vulnerabilities Pose No Immediate Threat, But a Patch Is in the Works
 
  • Haha
Reactions: GlenK

Macman8472

macrumors member
Nov 15, 2017
32
133
Recently my Mac OS Mail app keeps on crashing when I delete Trash or Junk folders. Am I the only one? Been sending reports to Apple when the app crashes. No virus detected on my Mac.
 
  • Like
Reactions: dk001

otternonsense

Suspended
Jul 25, 2016
2,213
6,301
Berlin
Yeah, it's good we actually receive patches and updates, no?

Of course it's good. The amount of patches we are receiving though, addressing issues evidenced by third parties and made public, doesn't inspire a lot of trust in Apple's own iOS and macOS QA for proactive bug fixing. At least they're pushing those patches relatively fast.
 

MandiMac

macrumors 65816
Feb 25, 2012
1,309
690
Of course it's good. The amount of patches we are receiving though, addressing issues evidenced by third parties and made public, doesn't inspire a lot of trust in Apple's own iOS and macOS QA for proactive bug fixing. At least they're pushing those patches relatively fast.
I'd rather nitpick about the amount of patches we are receiving than having security problems without a patch in sight. It's the lesser evil, really.
 

otternonsense

Suspended
Jul 25, 2016
2,213
6,301
Berlin
I'd rather nitpick about the amount of patches we are receiving than having security problems without a patch in sight. It's the lesser evil, really.

Nitpicking about something so basic that shouldn't be broken in the first place. After 13 versions and untold number of patches of iOS, Apple still can't figure out how to make Mail watertight? To the point that "ZecOps recommends using a third-party email app like Gmail or Outlook"?? That's the bigger evil IMHO.
 

MandiMac

macrumors 65816
Feb 25, 2012
1,309
690
Nitpicking about something so basic that shouldn't be broken in the first place. After 13 versions and untold number of patches of iOS, Apple still can't figure out how to make Mail watertight? To the point that "ZecOps recommends using a third-party email app like Gmail or Outlook"?? That's the bigger evil IMHO.
Of course it is inconvenient. But since we know that iOS 14 will be a „Snow Leopard“ release focussing on getting things right again, don't you believe that Apple management is very, very aware of it? Lessons have been learned.
 

otternonsense

Suspended
Jul 25, 2016
2,213
6,301
Berlin
Of course it is inconvenient. But since we know that iOS 14 will be a „Snow Leopard“ release focussing on getting things right again, don't you believe that Apple management is very, very aware of it? Lessons have been learned.

We don't know anything about that. Only rumours. And Apple's management is the last place I'd seek for awareness of user issues, given their track record since iOS 11 and the train wreck in slow motion that is Catalina. If their lessons were learned, they'd be announcing a replacement to Federighi already.
 

MandiMac

macrumors 65816
Feb 25, 2012
1,309
690
We don't know anything about that. Only rumours. And Apple's management is the last place I'd seek for awareness of user issues, given their track record since iOS 11 and the train wreck that is Catalina. If their lessons were learned, they'd be announcing a replacement to Federighi already.
Jon Prosser said among others that the upper management is keeping a very close eye on sites like this. And what would giving Federighi the boot actually change? It's not like he's the one introducing the bugs. Chill a bit, none of us is personally affected, and bugs do happen. Not a single system is perfectly safe. Again, we can be happy that we're getting a patch so fast with 13.4.5 - everything else is getting worked up and blood pressure over nothing.
 

gnasher729

Suspended
Nov 25, 2005
17,980
5,550
I'm pretty sure Apple will have prioritised some irrelevant pleasantry like Memoji barf physics in iOS 14 than getting Mail, FaceTime or personal hotspot straightened out.

What makes you think the same people would work on these things? There's one graphics designer who creates new emojis who is very good at drawing emojis but doesn't have the slightest clue how to fix bugs in Mail.
 

gnasher729

Suspended
Nov 25, 2005
17,980
5,550
Nitpicking about something so basic that shouldn't be broken in the first place. After 13 versions and untold number of patches of iOS, Apple still can't figure out how to make Mail watertight? To the point that "ZecOps recommends using a third-party email app like Gmail or Outlook"?? That's the bigger evil IMHO.
ZecOps wants to sound important, that is the whole reason for their existence. "There's a bug in Mail but it's safe to use" doesn't get them headlines, right?
 

otternonsense

Suspended
Jul 25, 2016
2,213
6,301
Berlin
Jon Prosser said among others that the upper management is keeping a very close eye on sites like this. And what would giving Federighi the boot actually change? It's not like he's the one introducing the bugs. Chill a bit, none of us is personally affected, and bugs do happen. Not a single system is perfectly safe. Again, we can be happy that we're getting a patch so fast with 13.4.5 - everything else is getting worked up and blood pressure over nothing.

OK here's what I don't get and please level with me here:

Bugs happen, sure, but when they've been happening so often and for such a long time, there has got to be a problem at the top. Forstall was booted for far less damage with Maps and it's not like he coded it himself. Why do you vindicate them constantly dropping the ball on essentials like iOS core apps that have been out for more than a decade?

Some of us might indeed be personally affected. You don't know that. E.g. our employer mandates that we use Apple's Mail on our work-provided phones and there's no way around that. Frankly it makes me nervous because I deal with a lot of confidential content daily.

Why do you prefer invalidating a genuine user concern because some twitter nobody blue checkmark like Jon Prosser said something else?

My blood pressure is fine, thank you.

What makes you think the same people would work on these things? There's one graphics designer who creates new emojis who is very good at drawing emojis but doesn't have the slightest clue how to fix bugs in Mail.

A graphic designer doesn't typically work on implementation. Indeed, I don't know how Apple manages their dev resources but the proof is in the pudding, no?
 

andiwm2003

macrumors 601
Mar 29, 2004
4,359
415
Boston, MA
What makes you think the same people would work on these things? There's one graphics designer who creates new emojis who is very good at drawing emojis but doesn't have the slightest clue how to fix bugs in Mail.
I guess that is what he meant: Why does Apple prioritize hiring graphic designers that are very good in the first place? I'd rather have them hiring more programmers and spend the money on testing than hiring that graphic designer. I'm perfectly happy with a more robust OS that looks overall a bit more crappy as long as the functionality and ease of use is still there. But that's just me and I'm known to have no taste for aesthetics :)
 

MandiMac

macrumors 65816
Feb 25, 2012
1,309
690
Bugs happen, sure, but when they've been happening so often and for such a long time, there has got to be a problem at the top. Forstall was booted for far less damage with Maps and it's not like he coded it himself. Why do you vindicate them constantly dropping the ball on essentials like iOS core apps that have been out for more than a decade?
I'm not sure if Mail ever had a problem of this priority before today. You can't really believe that one team codes everything - there are a lot of small sub-teams responsible, and they need time to solve this. Easy as that. You're referring to the bug-fest that is iOS 13? Still makes no sense picking out one person and kicking them out.
As for Forstall, these were other times: He didn't own up to the mistakes he made and refused to sign the apology letter that went public. That's a whole other reason than „oh, Maps isn't doing so fine“.
And sorry to be that way, but I'm generally wary when I read that a malware is only good for specialised and very targeted attacks. I see your point about having to use Apple Mail, but then it is on the employer, not you, right?
 
  • Like
Reactions: I7guy

I7guy

macrumors Penryn
Nov 30, 2013
26,538
14,874
Gotta be in it to win it
I guess that is what he meant: Why does Apple prioritize hiring graphic designers that are very good in the first place? I'd rather have them hiring more programmers and spend the money on testing than hiring that graphic designer. I'm perfectly happy with a more robust OS that looks overall a bit more crappy as long as the functionality and ease of use is still there. But that's just me and I'm known to have no taste for aesthetics :)
Who said Apple would prioritize graphics designers? Seems both are important in the scheme of things.
 

otternonsense

Suspended
Jul 25, 2016
2,213
6,301
Berlin
I'm not sure if Mail ever had a problem of this priority before today. You can't really believe that one team codes everything - there are a lot of small sub-teams responsible, and they need time to solve this. Easy as that. You're referring to the bug-fest that is iOS 13? Still makes no sense picking out one person and kicking them out.
As for Forstall, these were other times: He didn't own up to the mistakes he made and refused to sign the apology letter that went public. That's a whole other reason than „oh, Maps isn't doing so fine“.
And sorry to be that way, but I'm generally wary when I read that a malware is only good for specialised and very targeted attacks. I see your point about having to use Apple Mail, but then it is on the employer, not you, right?

Did Federighi ever own up to iOS 12-13 and Catalina releases being an absolute poopfest? Nobody bothered with an "apology letter" stunt again, because likely that was all a matter of kicking Forstall out of the ivory tower than honest amends making. Maps remains a weak offering to this day outside of the US.

I don't allude to one team or one dev coding everything: but the integrity of the deliverable and prioritisation of features fall to a very few product owners and project managers who (I presume) answer to Federighi. And at the end he should sign off the work as department lead. He's the one responsible for the final result.
 