A new report has revealed new cybersecurity threats. According to vulnerability assessment experts, ZecOps says multiple iPhone models are exposed to exploiting an Apple Mail-related vulnerability. Apparently, exploiting this security flaw only depends on users downloading a file contained in an email.
According to the researchers, at least six attack targets have been detected, including employees of major telecommunications companies in Japan, a major US company, various technology companies in Israel and two European entrepreneurs.
Vulnerability assessment experts were unable to analyze the code used by hackers, as emails including this malware are removed from the target users’ smartphones.
Apple has already received several reports of this flaw, so the company must already be working on fixes in its iOS beta. It should be noted that this error has not been fixed in the latest version of iOS in public use (v13.4.1). Experts expect the next operating system update to include the necessary fixes.
Multiple Air Share v1.2 iOS vulnerabilities
Air Share is a tool to transfer music, videos, documents, photos or any file from a PC/Mac to an iPhone or iPad by simply dragging and dropping. Vulnerability assessment experts discovered multiple XSS vulnerabilities in the Air Share v1.2 app for iOS.
If exploited, this vulnerability would allow remote threat actors to inject malicious code, compromising client-side and iOS application requests.
Reports include two vulnerabilities:
- The first failure resides in the ‘path’ parameter of the ‘list’ and ‘download’ exception handling. A remote threat actor could inject malicious code into the parameter to manipulate the output context of the Air Share user interface error message, resulting in a hijacking of the user’s session
- The second fault resides in the ‘devicename’ parameter shown at the top next to the Air Share index list. A remote hacker could inject malicious scripts by manipulating the Apple device name information. Successful exploitation of this flaw leads to session hijacking, phishing attacks, targeted user redirection to other sites, among other malicious activities
For further reports on vulnerabilities, exploits, malware variants and computer security risks you can access the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
