That no-click iOS 0-day reported to be under exploit doesn’t exist, Apple says

Other critics also question evidence and say 0day may have been confused with simple bug. …

That no-click iOS 0-day reported to be under exploit doesn’t exist, Apple saysreader comments

40 with 33 posters participating

Apple is disputing the accuracy of this week’s report that found attackers have been exploiting an unpatched iOS bug that allowed them to take full control of iPhones.

San Francisco-based security firm ZecOps said on Wednesday that attackers had used the zero-day exploit against at least six targets over a span of at least two years. In the now-disputed report, ZecOps had said the critical flaw was located in the Mail app and could be triggered be sending specially manipulated emails that required no interaction on the part of users.

Apple declined to comment on the report at the time. Late on Thursday night, however, Apple pushed back on ZecOps’ findings that (a) the bug posed a threat to iPhone and iPad users and (b) there had been any active exploit at all. In a statement, officials wrote:

Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance.

A fair number of independent researchers have also questioned the ZecOps conclusion. Generally, the critics said that the evidence ZecOps based its

Continue reading – Article source

Similar Posts: