2020-05-25

Critical security vulnerability in mail app for iPhone and iPad

Critical security problems have been detected in the mail app for iPhone and iPad! An official warning has been issued. The BSI considers the vulnerabilities to be "especially critical".

Security vulnerability in iOS Mail App

May 25, 2020 - Updates for iOS 13 and iOS 12 fix vulnerability

Apple is now distributing updates for iOS 13 and iOS 12 that, in particular, fix the vulnerability in the standard mail app "Mail".

After updating to iOS 13.5 or iOS 12.4.7, the "Mail" app can be used again.

The updates are distributed OTA (Over the Air). You can check whether the update is available for your device under "Settings - General - Software update".

The SCC will provide you with a short guide to update iOS and reinstall the Mail app.

 

Notification of 8 May 2020

Apple has announced that the vulnerability will be closed with security update 13.5. Beta tests are currently running. It is therefore expected that Apple will release the update in mid-May 2020.

After installing the update, the mail app will be usable again.

Even though you are not using the standard mail app "Mail" until then, you can still read e-mails on your iPhone or iPad by using Outlook Web Access at https://owa.kit.edu via a web browser (e.g. Safari or Microsoft Edge) to access the KIT Exchange Server.

We will inform you when the announced update from Apple is available. In addition, we are preparing instructions on the SCC website on how to reinstall the "Mail" app and put it into operation.

 

Notification of 24 April 2020

A serious vulnerability has been found in the standard mail app "Mail" of iOS devices (iPhones and iPads). Mac computers running macOS are not affected.
According to the recommendations of the BSI, please refrain from using the "Mail" app on iPhones and iPads.

Use of the "Mail" app is temporarily prohibited for devices provided for business purposes.

Procedure: Please temporarily delete the "Mail" app from your device.

For information on how to delete apps from your iPhone or iPad, please visit support.apple.com/de-de/HT207618.

If additional mailboxes are connected to the iOS Mail app, make sure that the contents are backed up before deleting the app.

Apple has announced that the vulnerability will be closed with security update 13.4.5, which is expected soon. We will inform you as soon as the update is available. In addition, we will soon provide you with information on how to reinstall the "Mail" app and put it back into operation.

To continue reading mail on your iPhone or iPad, please use Outlook Web Access at owa.kit.edu via a web browser.

Sources:
www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2020/Warnung_iOS-Mail_230420.html
blog.zecops.com/vulnerabilities/youve-got-0-click-mail/

Michael Gehle