Tuesday, July 14, 16:13
Home security Apple disputes ZecOps over exploitation of iOS vulnerabilities

Apple disputes ZecOps over exploitation of iOS vulnerabilities


Η Apple issued a statement stating that it had "thoroughly investigated" its recent report ZecOps about them hackers which took advantage of three iOS zero-day vulnerabilities, but “they didn't find it data to prove that vulnerabilities were used against customers ”.

The day before yesterday, one was published report from the company security ZecOps, which said in detail that three iOS vulnerabilities affected it Apple Mail client.

ZecOps said vulnerabilities had been used by hackers to carry out attacks on VIP targets:

  • Employees of Fortune 500 companies in North America
  • An executive of a transport company in Japan
  • A VIP from Germany
  • MSSP from Saudi Arabia and Israel
  • A journalist in Europe
  • And most likely, a director of a Swiss company

However, in a report published by Apple, he says that he examined the details that ZecOps announced in its report and did not come to the same conclusion, that is, the vulnerabilities have been used by hackers.

Apple's full statement is as follows:

"Apple is taking all the reports seriously threats for safety. We have thoroughly researched the researchers' report and, based on the information provided, We have come to the conclusion that these issues are not immediate risk for users us. The researchers identified three issues in the Mail, but only those they are not enough to bypass their security protections iPhone and iPad and we didn't find it data to prove that they were used against our customers. These possible issues will soon be addressed with one software update. We value our cooperation with security researchers to keep our users safe and we thank the researchers for their help. "

The ZecOps survey provoked reactions not only from Apple but also from Twitter. Several iOS security researchers disputed that the errors had been used in attacks.

ZecOps researchers believe vulnerabilities are being used by hackers because of crash logs found in device.

These crash logs have been interpreted as attempts to exploit vulnerabilities.

ZecOps said the failed operation left a void e-mail and a crash log on the device. According to the company, the successful operation leads to the deletion of blank emails to hide the attacks.


Security researchers have noted that if the intruder can delete emails, he or she may also delete crash logs.

The opposite view is that the researchers simply saw the problem emails that trigger an error (not malicious), and not malicious attacks against iOS users. Apple needs more data to sort these crash bugs as attacks.


Responding to a Reuters report today, ZecOps promised to release more information about the errors when Apple released an updated version of the code.

Errors have been corrected 13.4.5 iOS beta and the repair is expected to reach the iOS stable channel in the coming weeks.

ZecOps' full statement is as follows:

"According to ZecOps, there were attacks due to these vulnerabilities in some organisms. We want to thank Apple for working on a code update and look forward to updating our devices as soon as it's available. ZecOps will release more information and POCs when the update is available. "

The existence of errors has never been disputed, neither by Apple nor by the security community. In addition, it is recommended to install the version iOS 13.4.5when it's released.

In a statement, Apple wanted to make it clear that it was taking into account the researchers' reports, but said that the conclusion of this report could not be verified, at least for the time being.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!


Google Meet: New security settings for training meetings

New security features are coming into the Google Meet video chat app for education subscribers' teleconferencing.

Technology companies against the deportation of foreign students from the USA!

Technology giants such as Google, Microsoft and Facebook, as well as many other technology companies, have joined the US Chamber of Commerce, ...

Microsoft announces new features in ATP for Azure Storage!

Microsoft announced today that Advanced Threat Protection (ATP) for Azure Storage now enables customers to protect ...

The UK is on the alert for cyber attacks from China

The United Kingdom must be vigilant about possible cyber attacks by countries such as China, government ministers have said.

Linux 5.8-rc5: Will be released with terminology changes

On July 4, Dan Williams proposed changing the special terms of Linux, with new names ...

Belgium: Jackpotting attack on Argenta bank ATM

Argenta Bank, based in Antwerp, Belgium, has been the victim of a jackpotting attack. Is...

Apple's $ 25 compensation for "batterygate"

In March, Apple agreed to distribute up to $ 500 million to US users, as part of a settlement that came from the iPhone ...

Pentagon: Joint AI Center tests the first lethal projects

The new director of the Joint Artificial Intelligence Center (JAIC), Nand Mulchandani, gave his first press conference at the Pentagon on July 8, ...

Data of 40.000 US citizens leaked to the Dark Web

According to a new survey, the information of more than 40.000 US citizens, along with their social security numbers have been exposed ...

LiveAuctioneers: The auction site has suffered a data breach!

LiveAuctioneers has revealed that it suffered data breach after a data breach broker started selling 3,4 million stolen user files in one ...