iOS Mail actively exploited

Apple’s iOS devices are being actively, remotely hacked via unpatched zero-click email attacks on Apple’s Mail app. Really (extremely) not good…

You’ve Got (0-click) Mail! Unassisted iOS Attacks via MobileMail/Maild in the Wild

  • The vulnerability allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume a significant amount of memory
  • The vulnerability does not necessarily require a large email – a regular email which is able to consume enough RAM would be sufficient. There are many ways to achieve such resource exhaustion including RTF, multi-part, and other methods
  • The heap overflow vulnerability is exploited in the wild
  • The vulnerability can be triggered before the entire email is downloaded, hence the email content won’t necessarily remain on the device
  • We are not dismissing the possibility that the attackers deleted any remaining emails following a successful attack
  • Attack on iOS 13: Unassisted (/zero-click) attacks on iOS 13 when Mail application is opened in the background
  • Attack on iOS 12: The attack requires a click on the email. The attack will be triggered before rendering the content. The user won’t notice anything anomalous in the email itself
  • Unassisted attacks on iOS 12 can be triggered (aka zero click) if the attacker controls the mail server
  • The vulnerabilities exist at least since iOS 6 – (issue date: September 2012) – when iPhone 5 was released

Flaw in iPhone, iPads may have allowed hackers to steal data for years
An Apple spokesman acknowledged that a vulnerability exists in Apple’s software for email on iPhones and iPads, known as the Mail app, and that the company had developed a fix, which will be rolled out in a forthcoming update on millions of devices it has sold globally.

Apple declined to comment on Avraham’s research, which was published on Wednesday, that suggests the flaw could be triggered from afar and that it had already been exploited by hackers against high-profile users.

EtreCheckPro

EtreCheckPro is an essential Mac troubleshooting and security app from Etresoft (John Daniel) that analyzes many hardware and software details and prepares a report (with personal information removed) detailing configuration information and potential problem areas, such as adware infections (which it can remove), potential malware, third-party kernel extensions and launch daemons; Internet plug-ins; processor and memory hogs; virtual memory usage and more.

Features include specific problem reports, categorized as serious or minor, plus extensive information grouped into multiple categories, including things like software installs, Safari extensions, launch agents and daemons, software crashes, etc., plus a report to flag 32-bit apps that will not run in macOS 10.15 Catalina (including Apple’s own QuickTime Player 7 and DVD Player, for example, among many other Mac apps).

EtreCheckPro 6.2.3 is a free download for OS X 10.9 and up. An optional Power User package is available for $14.99, providing richer reports and built-in troubleshooting aids (see below). The latest release includes more macOS Catalina accommodations and other changes.

EtreCheck also provides a Power User in-app purchase that goes beyond the text-based report. It displays a rich, interactive interface that provides links to additional information, charts and graphs, and information to help you learn more about the details of your computer. If you don’t want to post your EtreCheck report publicly, the Power User package can also generate solutions to your computer problems using our AI-driven diagnostic engine. A Solution will include solutions for each major and minor issue, and, in most cases, one or more step-by-step instructions to help you fix your computer problems yourself.

DetectX Swift

DetectX Swift is a unique and useful Mac security app from Phil Stokes that scans for malware and also tracks critical changes to your system, such as installation (or removal) of kernel extensions, launch agents, applications, etc. As Stokes explains,

DetectX Swift uses a combination of hardcoded search definitions along with live updates and predictive heuristics to detect both known and unknown threats and issues. It provides the user with multiple analytical capabilities regarding both the system’s current state and changes to its state over time related to its ongoing security and performance.

The essential functions of DetectX Swift are:

  1. detection of malware (and other problematic software),
  2. detailed system profiling, and
  3. system change tracking/history.

If a search flags potential problems, you can whitelist or delete items. The profile feature includes a myriad of details, while a Folder Observer lets you track changes to critical launch folders (even when DetectX Swift isn’t running). (A user guide [PDF] and video tutorials provide more details.)

DetectX Swift 1.093, for OS X 10.11 and up, is distributed as $10 shareware for a Home version, $49.99 for a Pro version (for small teams) or $349 for the Management edition (for more than 20 Macs). Pro and Management versions include a command-line program, integration with Jamf Pro and Munki, and preference profile management (see features comparison). The latest release updates malware and adware search heuristics.

Discussions

MacInTouch Community discussions include the following current topics (among others):

  • 2019 Mac Pro – gaming and GPU issues
  • Apple security – invisible updates, Apple Pay charges
  • Audio – Sonos port blocking and DNS blackholing
  • Bluetooth – new standard and audio capabilities
  • Competition – Intel Ghost Canyon NUC; Ryzen 4000, Tiger Lake
  • Fonts – Adobe changes, Affinity support, conversion, OpenType
  • Input devices – Contour and Logitech mice
  • Linux – MacBook Pro graphics failure workarounds
  • macOS Catalina – protection problems, Users location/migration
  • Malware – North Korean Mac malware, ad blockers, nasty phishing trick
  • Migration – missing macOS installers
  • Misc. – new vs. old tractors/technology
  • Photography – web hosting options, experiences, etc.
  • Security – IoT, firewalls and Ring cameras
  • Tax software – prices, capabilities, compatibility, etc.

Discussions

Adobe security discussion warns of a nasty deception with Adobe Reader and Adobe Acrobat claiming everything is up to date and secure while users are actually exposed to critical vulnerabilities!

Discussions

2019 Mac Pro notes talk about storage upgrade issues, historical price comparisons, Thunderbolt video compatibility and bandwidth, 2013 Mac Pro obsolescence/support, Windows PC comparisons, tech support for $50K+ customers, Apple wheels, iFixit fun, component costs and other pricing/design factors, cheap RAM, an impressive Ryzenshine AMD-based hackintosh, road-robust design, the halo effect, and more.

Virtualization discussion looks at 32-bit support within macOS Catalina; issues with cloning/importing/booting disk volumes; standard VM formats; compatibility and update concerns; Parallels vs. VMware; archive formats; performance experiences; VirtualBox extension licenses; and more.

MacInTouch Community discussions also include the following topics, among others:

  • Adobe/alternatives – Affinity excitement; IDMarkz InDesign conversions
  • Antivirus software – suggestions for mom; Avast and F-Secure
  • Apple quality – iPhone/iPad scratches, cases
  • Apple security – hidden processes; silent updates/changes; parental control bypass bug
  • Audio – 64-bit apps for pop and click cleanup
  • Displays – BenQ EW3270U, Pro Display XDR compatibility, dual-panel (LMCL) technology, ProArt PA32UCX
  • File systems – APFS version confusion, detective work
  • iMacs – $1399 iMac 5K; RAM upgrades
  • iOS 13 – “bugs galore”, UI problems, update issues, file servers, optimized charging
  • Mac Mini – OWC SSD upgrade confusion
  • MacBook Pro – 16-inch audio bug partial patch?
  • macOS Catalina – VueScan, QuickTime, 16-inch MacBook Pro and Mojave, dictation deprecation
  • Malware – malicious ads inject malware into iPhones from mainstream websites…
  • Migration – macOS choices for older Macs
  • Networking – AFP vs NFS vs SMB Performance
  • Old systems – publishers and preservation; Fortran; old Mac speed; Copland
  • Scams – snail mail and phone scams, and related advice
  • Security – Ring device invasions, etc.
  • Tax software – privacy/security issues and options
  • Thunderbolt – cellphone-triggered disconnects; OWC dock