
Serious security vulnerability in iOS / Mail app
The current iOS Mail bug is a vulnerability in the rendering engine embedded in iOS on Apple mobile devices. As things stand, an exploit cannot be reliably detected from the characteristics of the affected emails. Countless variants are conceivable, so these exploits are currently almost invisible to filter systems. SecuMail is also not yet able to reliably detect and filter compromised emails.
The vulnerability can be used for anything from deliberately triggered device crashes up to the execution and installation of third-party software, and can therefore be classified as critical.
What is important about the iOS Mail bug:
- All versions from iOS 6 onwards are affected.
- The problem is in the iOS operating system and can only be fixed by an iOS update. Just updating the Mail app doesn’t help.
- Some sources even speak of “zero-click” exploits that can become active without an email being actively “read”.
- It is probably enough to deactivate the “Mail” app on iOS. Switching to other mail clients may therefore be possible.
- The bug is probably already being actively exploited.
We therefore recommend that, for now, you prevent the use of the iOS Mail app (possibly also ActiveSync) until iOS on the iPhones and iPads has received the upgrade (13.4.5).
Here are some sources on the subject:
https://blog.zecops.com/vulnerabilities/youve-got-0-click-mail/
https://www.heise.de/mac-and-i/meldung/Mail-Bugs-BSI-warnt-vor-iOS-4708945.html
https://www.sueddeutsche.de/digital/apple-it-sicherheit-mailprogramm-1.4886625
Best regards,
Your SecuMail Team