• Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
  • English English English en
  • Deutsch Deutsch German de
Sales: +49 5251 304-800 | Support: +49 5251 304-636
NoSpamProxy
  • HOME
  • PRODUCT
    • NoSpamProxy Cloud
    • NoSpamProxy Protection
    • NoSpamProxy Encryption
    • NoSpamProxy Large Files
    • NoSpamProxy Disclaimer
  • SUPPORT
    • Knowledge Base
    • Forum
    • Training courses
    • Support Request
    • Software-Download
    • Resources
  • PARTNERS
    • Finding Resellers
    • Becoming Reseller
    • Partner Portal
  • COMPANY
    • Team
    • Testimonials
    • Career
    • Contact
  • EVENTS
    • Events
    • Webcast Training
  • BLOG
  • FREE TRIAL VERSION
    • Price request
    • Free trial version
  • English
    • Deutsch
  • Search
  • Menu Menu
  • Sicherheitslücke in iOS-App Mail: Was Sie jetzt tun sollten

Vulnerability in iOS App Mail: What you should do now

Currently, due to a security vulnerability, criminals are apparently able to smuggle malicious code into iPhones and iPads via emails. Affected are iOS devices on whichenen the software is installed in version 13.4.1 or a previous version up to version 6 . The Federal Office for Information Security (BSI) assesses the vulnerability as very critical and warns against using the iOS Mail app.

Nach aktuellem Wissensstand ist lediglich die Mail-App kompromittiert, nicht das komplette Gerät. Nichts desto trotz erlaubt es den Angreifern, E-Mails zu lesen, zu verändern und zu löschen. It is not yet known whether further dangers arise from an infection. However, the security company ZecOps points out that the vulnerability is already being actively exploited. A patch is not yet available.

Depending on the version, the attack vectors also differ: In iOS 12 downwards, the user must open the infected email to allow the malicious code to take effect; from version 13 onwards, it is even sufficient to receive the email. The infection is ultimately made possible by triggering a so-called heap overflow. This allows attackers to use malicious code to execute arbitrary commands in the respective process – in this case the mail app. Such a heap overflow can be achieved for example via specially prepared office files in RTF format or multipart Emails.

What we recommend

  • Delete the iOS App Mail or turn off synchronization
  • Use Microsoft Outlook as your email client
  • Apply the announced patch as soon as it is available.

Alternatively:

  • Sign up for the Apple Beta Software Program. In the iOS beta version 13.4.5 the patch is already integrated.

Ensure safety with Intunes

Microsoft Intune is part of the Enterprise Mobility + Security Suite and part of Microsoft 365. Via the central management for Windows, iOS, macOS and Android, device settings can be made, devices provisioned and profiles and software distributed to clients.

In this case, we recommend disabling access for all existing iOS devices via Exchange ActiveSync. You should also block new devices from the Exchange ActiveSync quarantine before they connect to the Exchange server.

Both is conveniently possible via Microsoft Intune. In addition, you can easily block iOS Mail to keep any malicious code from the devices.

Do you want to use Microsoft Intune to provide more security?

More information about Microsoft Intune

  • share 
  • share 
  • tweet 
  • email 

SEARCH

PRODUCT

  • All Topics
  • NoSpamProxy Cloud
  • NoSpamProxy Protection
  • NoSpamProxy Encryption
  • NospamProxy Large Files

Knowledge Base

Knowledge Base

Note: The information in this knowledge base is only relevant for NoSpamProxy up to version 13.2. All information for NoSpamProxy 14 and higher can be found in the online documentation.

CATEGORY

  • All Topics
  • News
  • Product
  • Tech & Support
  • Events
Subscribeto RSS Feed

NoSpamProxy

  • NoSpamProxy Cloud
  • NoSpamProxy Encryption
  • NoSpamProxy Large Files
  • NoSpamProxy Disclaimer
  • Price request
  • Team
  • Career
  • General terms and conditions
  • Data Protection Information for Business Partners and Applicants
  • Cybersecurity (PSIRT)

Partners

  • Becoming a reseller
  • Partners
  • Order Certificates
  • Newsletter

Categories

  • All topics
  • News
  • Support
  • Updates
  • Order certificates

Latest News

  • Info IconCritical Outlook vulnerability: No threat to NoSpamProxy customers24.03.2023 - 15:09
  • Default filter settings in NoSpamProxy 1422.03.2023 - 10:00
  • NoSpamProxy UpdateGlobal Rollout NoSpamProxy Version 14.0.515.03.2023 - 15:20
IMPRINT • EULA • Privacy Policy • © 2023 Net at Work GmbH
  • Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
Strengthening the NoSpamProxy Support TeamVerstärkung des NoSpamProxy Support-TeamsBerliner Kammergericht CyberangriffThat is why public institutions are the main targets of cyber attacks
Scroll to top