Apple recently confirmed a flaw that a security firm said may have left more than half a billion iPhones vulnerable to hackers. New information reveals the flaw is even bigger.
In April a bug, which also exists on iPads, was discovered by ZecOps, a San Francisco-based mobile security forensics company.
ZecOps claims the vulnerability allowed hackers to remotely steal data off iPhones even if they were running recent versions of iOS. By itself, the flaw could have given access to whatever the Mail app had access to, including confidential messages.
Hackers targeted Chinese government over coronavirus response
However, according to new evidence discovered by ZecOps, every iPhone ever made is vulnerable to the hacking.
“We continued our research of the MailDemon vulnerability,” said Zuk Avraham, CEO ZecOps.
“We were able to prove that this vulnerability can be used for Remote Code Execution. Unfortunately, a patch is still not available.”
ZecOps in a blog post explains both the vulnerability and triggers, which it reports date all the way back to October 22, 2010, on an original 2G iPhone running iOS 3.1.3.
“One thing is certain, there were triggers in the wild for this vulnerability since 2010” the company explains.
Flaw in iPhone, iPads may have allowed hackers to steal data for years
Patrick Wardle, an Apple security expert and former researcher for the US National Security Agency, said the discovery “confirms what has always been somewhat of a rather badly kept secret: that well-resourced adversaries can remotely and silently infect fully patched iOS devices.”
Apple is reportedly working on fixing this vulnerability in its upcoming iOS 13.5 release which is great news for owners of the iPhone 6S and newer.
However, there is no news whether the company will release a patch for previous iOS versions to protect older devices still in use.
To protect your devices the safest course of action is to disable the iOS Mail app and switch to Gmail or Outlook, neither of which are vulnerable, according to ZecOps.
This article originally published on Forbes.