Vulnerability in the iOS Mail app: What you should do now

Due to a security vulnerability, criminals are currently apparently able to smuggle malicious code into iPhones and iPads via emails. Affected are iOS devices running version 13.4.1 or any earlier version back to version 6. The Federal Office for Information Security (BSI) assesses the vulnerability as very critical and warns against using the iOS Mail app.

According to current knowledge, only the Mail app is compromised, not the entire device. Nevertheless, the vulnerability allows attackers to read, modify and delete emails. It is not yet known whether further dangers arise from an infection. However, the security company ZecOps points out that the vulnerability is already being actively exploited. A patch is not yet available.

The attack vector differs depending on the version: on iOS 12 and earlier, the user must open the infected email for the malicious code to take effect; from version 13 onwards, it is even sufficient to receive the email. The infection is ultimately made possible by triggering a so-called heap overflow. This allows attackers to use malicious code to execute arbitrary commands in the respective process, in this case the Mail app. Such a heap overflow can be achieved, for example, via specially prepared Office files in RTF format or multipart emails.

What we recommend

  • Delete the iOS Mail app or turn off synchronization
  • Use Microsoft Outlook as your email client
  • Apply the announced patch as soon as it is available.

Alternatively:

  • Sign up for the Apple Beta Software Program. In the iOS beta version 13.4.5 the patch is already integrated.

Ensure safety with Intune

Microsoft Intune is part of the Enterprise Mobility + Security Suite and part of Microsoft 365. Via the central management for Windows, iOS, macOS and Android, device settings can be made, devices provisioned and profiles and software distributed to clients.

In this case, we recommend disabling access for all existing iOS devices via Exchange ActiveSync. You should also use the Exchange ActiveSync quarantine to block new devices before they connect to the Exchange server.

Both are conveniently possible via Microsoft Intune. In addition, you can easily block iOS Mail to keep any malicious code from the devices.
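The two Exchange ActiveSync measures described above can also be set on the Exchange side with the standard Exchange cmdlets. The following script is an added example, not part of the original article. It assumes that the native iOS Mail app reports the ActiveSync DeviceType "iPhone" or "iPad" and that Outlook for iOS reports the DeviceModel "Outlook for iOS and Android".

```powershell
# Added example (not from the original article). Run in the Exchange Management
# Shell or Exchange Online PowerShell with rights to manage mobile device access.
# Assumption: the native iOS Mail app identifies itself over Exchange ActiveSync
# with DeviceType "iPhone" or "iPad".
$nativeTypes = 'iPhone', 'iPad'

# 1. Inventory the existing ActiveSync partnerships of native iOS Mail clients,
#    including the iOS version each device reported (DeviceOS).
Get-MobileDevice -ResultSize Unlimited |
    Where-Object { $nativeTypes -contains $_.DeviceType } |
    Sort-Object UserDisplayName |
    Format-Table UserDisplayName, DeviceType, DeviceOS, DeviceAccessState -AutoSize

# 2. Keep the recommended replacement client working before tightening access.
#    Assumption: Outlook for iOS reports this DeviceModel string.
$rules = Get-ActiveSyncDeviceAccessRule
$outlookModel = 'Outlook for iOS and Android'
if (-not ($rules | Where-Object { $_.QueryString -eq $outlookModel })) {
    New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel `
        -QueryString $outlookModel -AccessLevel Allow
}

# 3. Block the native iOS Mail device types organization-wide. Rules that
#    already exist are skipped so the script can be re-run safely.
foreach ($type in $nativeTypes) {
    $present = $rules | Where-Object {
        $_.Characteristic -eq 'DeviceType' -and $_.QueryString -eq $type
    }
    if (-not $present) {
        New-ActiveSyncDeviceAccessRule -Characteristic DeviceType `
            -QueryString $type -AccessLevel Block
    }
}

# 4. Devices that match no access rule fall back to the organization default:
#    hold them in quarantine until an administrator has reviewed them.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine

# 5. Per-mailbox allow lists take precedence over device access rules, so list
#    every mailbox with explicitly allowed device IDs and review those entries.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncAllowedDeviceIDs.Count -gt 0 } |
    Format-Table Name, ActiveSyncAllowedDeviceIDs -AutoSize
```

Once the patch has been rolled out, remove the block rules with Remove-ActiveSyncDeviceAccessRule and re-run step 1 to confirm that the reported DeviceOS values are no longer in the affected range.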

Do you want to use Microsoft Intune to provide more security?