• Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
  • English English English en
  • Deutsch Deutsch German de
Sales: +49 5251 304-800 | Support: +49 5251 304-636
NoSpamProxy
  • PRODUCT
    • NoSpamProxy Cloud
    • NoSpamProxy Protection
    • NoSpamProxy Encryption
    • NoSpamProxy Large Files
    • NoSpamProxy Disclaimer
  • RESOURCES
    • Documentation
    • Forum
    • Webcast Training
    • Training Courses
    • Support
    • Software Download
  • PARTNERS
    • Finding Resellers
    • Becoming Reseller
    • Partner Portal
  • COMPANY
    • Contact
    • Team
    • Testimonials
    • Career
    • Events
  • PRICE REQUEST
  • BLOG
  • FREE TRIAL VERSION
    • Price Request
    • Free Trial Version
  • English
    • Deutsch
  • Search
  • Menu Menu
  • Sicherheitslücke in iOS-App Mail: Was Sie jetzt tun sollten

Vulnerability in iOS App Mail: What you should do now

Currently, due to a security vulnerability, criminals are apparently able to smuggle malicious code into iPhones and iPads via emails. Affected are iOS devices on whichenen the software is installed in version 13.4.1 or a previous version up to version 6 . The Federal Office for Information Security (BSI) assesses the vulnerability as very critical and warns against using the iOS Mail app.

Nach aktuellem Wissensstand ist lediglich die Mail-App kompromittiert, nicht das komplette Gerät. Nichts desto trotz erlaubt es den Angreifern, E-Mails zu lesen, zu verändern und zu löschen. It is not yet known whether further dangers arise from an infection. However, the security company ZecOps points out that the vulnerability is already being actively exploited. A patch is not yet available.

Depending on the version, the attack vectors also differ: In iOS 12 downwards, the user must open the infected email to allow the malicious code to take effect; from version 13 onwards, it is even sufficient to receive the email. The infection is ultimately made possible by triggering a so-called heap overflow. This allows attackers to use malicious code to execute arbitrary commands in the respective process – in this case the mail app. Such a heap overflow can be achieved for example via specially prepared office files in RTF format or multipart Emails.

What we recommend

  • Delete the iOS App Mail or turn off synchronization
  • Use Microsoft Outlook as your email client
  • Apply the announced patch as soon as it is available.

Alternatively:

  • Sign up for the Apple Beta Software Program. In the iOS beta version 13.4.5 the patch is already integrated.

Ensure safety with Intunes

Microsoft Intune is part of the Enterprise Mobility + Security Suite and part of Microsoft 365. Via the central management for Windows, iOS, macOS and Android, device settings can be made, devices provisioned and profiles and software distributed to clients.

In this case, we recommend disabling access for all existing iOS devices via Exchange ActiveSync. You should also block new devices from the Exchange ActiveSync quarantine before they connect to the Exchange server.

Both is conveniently possible via Microsoft Intune. In addition, you can easily block iOS Mail to keep any malicious code from the devices.

Do you want to use Microsoft Intune to provide more security?

More information about Microsoft Intune

  • share 
  • share 
  • tweet 
  • email 

SEARCH

PRODUCT

  • All Topics
  • NoSpamProxy Cloud
  • NoSpamProxy Protection
  • NoSpamProxy Encryption
  • NospamProxy Large Files

You need support?

You can find more information about NoSpamProxy in our documentation and forum.

CATEGORY

  • All Topics
  • News
  • Product
  • Tech & Support
  • Events
Subscribeto RSS Feed

NoSpamProxy

  • NoSpamProxy Cloud
  • NoSpamProxy Encryption
  • NoSpamProxy Large Files
  • NoSpamProxy Disclaimer
  • Price request
  • Team
  • Career
  • General terms and conditions
  • Data Protection Information for Business Partners and Applicants
  • Cybersecurity (PSIRT)

Partners

  • Becoming a reseller
  • Partners
  • Order Certificates
  • Newsletter

Categories

  • All topics
  • News
  • Support
  • Updates
  • Order certificates

Latest News

  • Webinar: Zuverlässige AS4-Lösung mit NoSpamProxy Preview
    Webinar: Reliable AS4 solution with NoSpamProxy24.11.2023 - 08:55
  • E-Mail-Verschluesselung Microsoft Purview Information Protection NoSpamProxy Encryption Vergleich Preview
    Email encryption: Microsoft Purview Information Protection and NoSpamProxy Encryption compared22.11.2023 - 09:00
  • Info Icon
    Changes in NoSpamProxy Cloud: What you need to do now17.11.2023 - 12:43
IMPRINT • EULA • Privacy Policy • Change Cookie Settings • © 2023 Net at Work GmbH
  • Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
Strengthening the NoSpamProxy Support TeamVerstärkung des NoSpamProxy Support-TeamsBerliner Kammergericht CyberangriffThat is why public institutions are the main targets of cyber attacks
Scroll to top