Latest news

Avoid the iOS mail App Vulnerability to ensure the safety of funds

2020-04-24 05:160304

___________.jpg

Constantly monitoring potential security threats is the No. 1 priority at Bitget !

This week, we have learned of a serious exploitable vulnerability in the built-in Mail app on Apple iOS, which was first disclosed by the ZecOps Research Team.

According to the article:

“Following a routine iOS Digital Forensics and Incident Response (DFIR) investigation, ZecOps found a number of suspicious events that affecting the default Mail application on iOS dating as far back as Jan 2018. ZecOps analyzed these events and discovered an exploitable vulnerability affecting Apple’s iPhones and iPads. ZecOps detected multiple triggers in the wild to this vulnerability on enterprise users, VIPs, and MSSPs, over a prolonged period of time.”

The disclosed vulnerabilities have existed since iOS 6 (issue date: September 2012) and affect versions up to iOS 13.

To ensure that you are not affected by this issue, we recommend that you do either of the following:

1. Disable the iOS Mail function

Remove the iOS Mail function by pressing down on the app’s icon. Once all the app icons on the screen start moving, tap the X button in the upper-left corner to remove the Mail app. After that, go to Settings > Password Accounts. Set Fetch New Data to "Manual" and disable "Push." Use dedicated email clients such as Gmail or Outlook, or a web browser such as Safari or Chrome, to access your email.

2. Upgrade to the latest iOS beta (iOS 13.4.5 beta).

You can do this by following the steps here: https://developer.apple.com/support/install-beta/

According to the ZecOps disclosure, “The vulnerability allows to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13). Successful exploitation of this vulnerability would allow the attacker to leak, modify, and delete emails. Additional kernel vulnerability would provide full device access – we suspect that these attackers had another vulnerability. It is currently under investigation.”

We highly recommend that Bitget users take action immediately in order to prevent potential fund security risks. iOS 13.4.5 will fix the vulnerability once it is publicly released by Apple.

Bitget Team

Apr 24, 2020

【Contact Us】

Customer Services:support@bitget.com

Market Cooperation:BD@bitget.com

Quantitative Market Maker Cooperation:partnership@bitget.com

【Official Channel】

Official Website

Official English Telegram Group

Twitter

Facebook

Youtube

Medium

Reddit

Linkedin

Instagram

【Platforms Bitget Settled in 】

CMC

CoinGecko

Cryptoadventure