- Joined
- Dec 25, 2018
- Messages
- 469
- Trophies
- 0
- The vulnerability allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume significant amount of memory
- The vulnerability does not necessarily require a large email – a regular email which is able to consume enough RAM would be sufficient. There are many ways to achieve such resource exhaustion including RTF, multi-part, and other methods
- Both vulnerabilities were triggered in-the-wild
- The vulnerability can be triggered before the entire email is downloaded, hence the email content won’t necessarily remain on the device
- We are not dismissing the possibility that attackers may have deleted remaining emails following a successful attack
- Vulnerability trigger on iOS 13: Unassisted (/zero-click) attacks on iOS 13 when Mail application is opened in the background
- Vulnerability trigger on iOS 12: The attack requires a click on the email. The attack will be triggered before rendering the content. The user won’t notice anything anomalous in the email itself
- Unassisted attacks on iOS 12 can be triggered (aka zero click) if the attacker controls the mail server
- The vulnerabilities exist at least since iOS 6 – (issue date: September 2012) – when iPhone 5 was released
- The earliest triggers we have observed in the wild were on iOS 11.2.2 in January 2018
