Apple Says Recently Discovered iOS Mail Vulnerabilities Pose No Immediate Threat, But a Patch Is in the Works

[I7guy]

I can't be bothred to even read them. Whether you agree or not, like it or not, deem it strawman or not, I posted some facts that you cannot refute as hard as you try.
When you do I'll be back to answer your questions.

Some of your posts are strawman containing snippets of business terminology (and they fall into multiple categories in the link provided). I’d be more than happy to continue the debate of whether Apple was on their game due to them missing this bug for so many years, if you address the questions. But you can’t, very few can because a detailed roadmap of Apples line of operations is needed. Very few have that. But instead of addressing the posts, ad-homs were thrown around.

 

[1144557]

PS https://9to5mac.com/2020/04/27/iphone-mail-vulnerabilities-2/

Everyone now appears to agree with one of Apple’s statements: that the iOS Mail app vulnerabilities discovered by ZecOps cannot be exploited on their own. Apple said:

The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections.

ZecOps accepts this, and it has been backed by other security researchers. However, as we noted last week, that doesn’t mean that they couldn’t have been exploited alongside other vulnerabilities in order to carry out a successful attack.

The denial is not a complete refutation of the claim. It may be the case that the specific vulnerabilities alone cannot bypass security safeguards, but that they can be combined with existing exploits in order to do so.

Wired reports that our take has now been echoed by two high-profile security researchers.

iOS security researcher and Guardian Firewall creator Will Strafach points out that while Apple and ZecOps are correct about the limited utility of the Mail bugs alone, it’s still important to take these types of bugs seriously.
“A zero-click like this is especially interesting because it is not a full exploit chain, yet due to the nature of how it works, it could enable something like a smash-and-grab for mailbox data. Even the prospect of copying emails then self-deleting the crafted ‘attack email’ is quite scary.”

TDLR, much ado about nothing. These arent exploits on their own to access iOS. And unless you are a high profile target, no one is going out of their way since its not a direct road in