The Mail App, like all other apps on iOS, runs in a sandbox, sequestered from all other apps and data. In addition, once the iPhone or IPad crashes and restarts, anything an App that crashed it will have been doing is flushed in the restart and the user is required to renter the passcode. To effect anything, an email must be first be opened, and In iOS, NOTHING in email runs automatically, no scripts, etc., so something in the email must be a link clicked on! It’s not automatic; it may look like an empty email, but its not.
ZEC is claiming 0 click and that it works on receipt of the email, and further that it works since iOS 11. I call BS on that. In fact, this looks exactly like the exact same claim they made last year. They claim they were working with Apple on a fix which was incorporated in the last iOS 13.4.5 beta as of April 15th, but if thats so, you don’t knife Apple in the back with a public press release before its actually rolled out! I suspect deliberate FUD.
In fact, ZEC does not even describe it as an “exploit” but always refer to it as a vulnerability, talking about suspicions that something “may” have happened. This was the exact same phrasing they used the last time they announced this “discovery.”
For all of this to work, according to ZEC, requires the attacker to have control of your email server. . . If thats the case, you’ve got more serious problems than someone getting access to some of your contacts and your photos.— PING!
APPLE iOS SECURITY PING!
If you want on or off the Apple/Mac/iOS Ping List, Freepmail me.