The security researcher Andreas Kurtz discovered a very dangerous flaw in the mobile operating system ( iOS ) of Apple. Vulnerability is about her encryption του ηλεκτρονικού ταχυδρομείου. Ο Kurtz αναφέρει ότι η Apple γνωρίζει τα συμπεράσματά του, αφού την ενημέρωσε άμεσα, αλλά η εταιρεία δεν διόρθωσε το πρόβλημα.
Sometime last month, Kurtz noticed that the email attachments in the application Company mail is not protected by Apple. The company states that it uses all necessary security mechanisms to protect data. Kurtz confirmed the vulnerability using an iPhone 4 with the latest firmware and an IMAP account.
Kurtz says, "I verified this with an iPhone 4 (GSM) device updated with the latest versions of iOS (7.1 and 7.1.1). I created an IMAP email account to test emails and attachments. ”
“I then shut down the device and was able to access the system files, using the well-known techniques DFU mode, custom ramdisk, SSH over usbmux. Finally, I mounted the iOS data partition and browsed to the device's actual email folder. Through this folder, I had access to all content that had no encryption or restriction.”
The hacker was able to break the latest version of the iPhone as well as the second-generation iPad running iOS 7.0.4. Despite its warnings to Apple, the company from Cupertino did not fix the error with the release of iOS 7.1.1. Kurtz even claims that the company was aware of the error before he notifies them.
"I reported the error to Apple," Kurtz said. "They replied that they knew it, but did not say when they would fix it. Given the length of time available for iOS 7 and the severity of the email attachments vulnerability, I was expecting a patch very quickly. "Unfortunately, even today iOS 7.1.1 does not fix the issue, leaving users at risk."
The specialist in issues security offers a solution for users who are concerned that their data may end up in the wrong hands:
"As a temporary solution, interested users can turn off mail synchronization (at least on devices that bootrom can take advantage of and allow)," says Kurtz.