The flaw had not previously been disclosed to Apple, making it extremely valuable to a variety of bad actors. ZecOps says it believes “with high confidence that these vulnerabilities... are widely exploited in the wild in targeted attacks by an advanced threat operator(s).” ZecOps believes that at least six high-profile targets were victims of the exploit, including an executive from a mobile carrier in Japan and “individuals from a Fortune 500 company in North America.”
[...] “The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS 13,” the report reads. ZecOps says the vulnerability, which underlies at least two related iOS zero-day exploits, has existed in the Mail app since at least iOS 6, which was released in 2012.
Beware guys, log out from Apple's mail app, use Outlook or Edison instead then change your password.
Source:
https://www.theverge.com/2020/4/22/21231454/apple-iphone-zero-day-exploit-security-flaw-mail-app-ios-zec-ops
