ZecOps 0-click Mail

How to protect yourself from iOS/iPadOS Mail app security hole?

Security researchers found a very serious security hole in iOS/iPadOS’s default Mail app. It is so bad that you don’t even have to view the email to get infected. All it needs is for the email to be silently downloaded in the background!

However, while this security hole is serious, it is not an unmitigated disaster in terms of security. Fortunately, as my book explained, device operating systems are much more secure than their Mac/PC counterpart. As a result, the security breach is confined to only within the Mail app itself. It will only be an unmitigated disaster if this security breach leads to the exploitation of another security hole in the kernel of the operating system. Should that happen, then it will be game over in terms of security because the entire device will be compromised.

Security researchers have reported that this security hole is already exploited in the wild. So, it is important that you take action now. Here is what you need to do:

Disable the Mail app

This is a temporary measure while you wait for Apple to release a security fix in the upcoming iOS/iPadOS 13.4.5 update.

For now, it is wise to disable the Mail app. Unfortunately, this will mean that you can no longer use your device to check your email. Meanwhile, if you really need to check your email before Apple releases a new update, you will need to use another email app to do so.

There are many ways to do disable your Mail app:

  • Delete the Mail app. Fortunately, deleting the Mail app will not wipe out your email settings. Later, when you re-install the Mail app, you need to re-enable your email accounts via Settings > Passwords & Accounts.
  • Offload the Mail app. Go to Settings > General > iPhone (or iPad) Storage, locate the Mail app and then offload it. Later when you reinstall the app, you need to reenable your email accounts.
  • Disable your email accounts. You can go to Settings > Passwords & Accounts to disable your email accounts.

Install the upcoming update

The next iOS/iPadOS update that will fix this security hole is version 13.4.5. The current version is iOS 13.4.1.

For older devices that cannot run iOS beyond version 12.4.6 (e.g. iPhone 5s), I expect Apple to release a seperate update for them.

After you update your iOS/iPad to iOS 13.4.5, then you can re-enable your Mail app.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from iSecurityGuru

Subscribe now to keep reading and get access to the full archive.

Continue reading