
Flaw in iPhone, iPads may have allowed hackers to steal data for years - joering2
https://www.reuters.com/article/us-usa-apple-cyber/flaw-in-iphone-ipads-may-have-allowed-hackers-to-steal-data-for-years-idUSKCN2242IK
======
tlb
Technical details at [https://blog.zecops.com/vulnerabilities/unassisted-ios-
attac...](https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-
mobilemail-maild-in-the-wild/)

~~~
Operyl
To dang, and the rest of the HN crew, I think this should be the link (perhaps
merge with the other submission).

~~~
dang
Working on it. Edit: ok, comments merged thither. Thanks all!

------
dkonofalski
I know there's more to this but I really hate the way that journalists report
on things like this. Based on the article, it makes it sound like someone just
needs to send you a blank email and then they have full access to any iPhone
since 2012. The reality is that the attacker would have to send an attachment
or email with a specific payload and then somehow run that payload which would
have to include another exploit specifically for the kernel.

In any case, I'm glad to see that this has been patched and will be out soon.
I wonder how many cases have actually been compromised and exploited out in
the wild.

------
DantesKite
> To execute the hack, Avraham said victims would be sent an apparently blank
> email message through the Mail app forcing a crash and reset. The crash
> opened the door for hackers to steal other data on the device, such as
> photos and contact details.

Oh wow.

~~~
RL_Quine
Note that would need another exploit to pull off. This only allows execution
within the context of the mail parser.

