CSqSecurity Advisory: iOS Zero-Day Vulnerability


On April 20th, 2020, ZecOps announced the discovery of two zero-day vulnerabilities affecting iOS devices including iPhone and iPad. Both vulnerabilities have existed since September 2012 and have been exploited in the wild since at least January of 2018.

If exploited, the pair of vulnerabilities allow remote threat actors to leak, modify, or delete emails in the Apple Mail App. Apple has released a beta version for iOS that fixes the issues, but this is currently only available for members of the Apple Developer Program.

Until a security update is widely released, we suggest that you disable the use of Apple mail on corporate devices and download an alternative, such as Microsoft Outlook.What we’re doing about it:

  • CSqSecurity teams are monitoring the situation for new information and will release an update once there is a patch available.

What you should do about it:

  • Consider disabling the Apple Main application and downloading an alternative mail application.
  • If you require Apple Mail and are a member of Apple’s Apple Developer Program, after performing a business impact review, update to iOS 13.4.5 beta.
  • Apply Apple iOS updates once they become available.
  • Contact your IT Support team for assistance
Gareth Broekmann
Gareth Broekmann
Gareth Broekmann founded Charles Square (CSq) in 2014 with the goal of becoming a one-stop shop for technology solutions for companies in the finance sector and regulated businesses across the globe. With over 15 years of experience in Financial Services, as head of CSq Operations Gareth is dedicated to making sure clients get the most out of their IT investments so they can focus on what matters: their business. His commitment to sustainability has led him to spearhead initiatives related to climate positivity and ESG implementation. In addition, he is an avid golfer and supports 11 UK based charities, highlighting his passion for giving back to local communities. Through its innovative services and commitment to social responsibility, CSq offers an unmatched value proposition that promises to serve its customers efficiently while improving society at large.