Apple will patch a newly discovered iPhone vulnerability that security researchers say hackers have already used to steal data from their victims’ devices.
News of the vulnerability shared by security firm ZecOps. Zuk Avraham, the company’s chief executive, said the firm found the bug last year during a routine investigation. At least six organizations were targeted by attackers as far back as 2018, he said.
Avraham said the bug is in the iPhone’s default Mail app. By sending a specially crafted email to the victim’s device, an attacker can overrun the device’s memory, allowing the attacker to remotely run malicious code to steal data from the device, he said.
iPhone vulnerabilities are some of the most valuable bugs for hackers because they are so difficult to find.
When reached, an Apple spokesperson did not immediately comment. Motherboard, which first reported the story, said the bug has been fixed in a beta version of the software, and a fix will be rolled out in an upcoming update.
Until then, high-risk users should disable the Mail app for now