That no-click iOS 0-day reported to be under exploit doesn’t exist, Apple says

That no-click iOS 0-day reported to be under exploit doesn’t exist, Apple says

Enlarge (credit: Titanas)

Apple is disputing the accuracy of this week’s report that found attackers have been exploiting an unpatched iOS bug that allowed them to take full control of iPhones.

San Francisco-based security firm ZecOps said on Wednesday that attackers had used the zero-day exploit against at least six targets over a span of at least two years. In the now-disputed report, ZecOps had said the critical flaw was located in the Mail app and could be triggered be sending specially manipulated emails that required no interaction on the part of users.

Apple declined to comment on the report at the time. Late on Thursday night, however, Apple pushed back on ZecOps’ findings that (a) the bug posed a threat to iPhone and iPad users and (b) there had been any active exploit at all. In a statement, officials wrote:

Read 10 remaining paragraphs | Comments

Biz & IT – Ars Technica