By 
Cybersecurity firm ZecOps said on Thursday that it found what seems to be manipulation attempts using a new iOS flaw.
Tech giant Apple is currently probing the issue, and the company is preparing a security update that will shortly be available.
ZecOps said in a report that it found proof that cybercriminals have been using an iOS bug since January 2018. As per experts, the new iOS exploit seems to have been leveraged as part of crooked emails sent to high-profile iOS users.
ZecOps investigators say the attack is a zero-click activity that doesn’t need users to interact with the email. They said that the exploit doesn’t activate in Gmail or other email clients.
“The vulnerability allows to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13),” the ZecOps team said. “Successful exploitation of this vulnerability would allow the attacker to leak, modify, and delete emails.”
The security firm said the exploit doesn’t give control over the full device, and that a hacker would also need an additional iOS kernel flaw.
“We suspect that these attackers had another vulnerability. It is currently under investigation,” ZecOps said.
The company said that until today it had spotted misuse attempts against a number of targets.
“We believe that these attacks are correlative with at least one nation-state threat operator or a nation-state that purchased the exploit from a third-party researcher in a Proof of Concept (POC) grade and used ‘as-is’ or with minor modifications,” ZecOps said.
ZecOps was reluctant to name the “nation-state” group who they think was misusing this bug.
