Researchers are reporting two Apple iOS zero-day security vulnerabilities affecting its Mail app on iPhones and iPads. Impacted are iOS 6 and iOS 13.4.1. Apple patched both vulnerabilities in iOS 13.4.5 beta, released last week. A final release of iOS 13.4.5 is expected soon.
Both vulnerabilities are are believed to have been actively exploited by an “advanced threat operator” since 2018, according to researchers at ZecOps that publicly disclosed the bugs in a research report published Wednesday.
Both bugs are remotely exploitable by attackers who simply send an email to victims’ default iOS Mail application on their iPhone or iPad.