Before this gets patched by Apple, hundreds of millions of iOS devices—iPhones and iPads—are potentially vulnerable to this hack, which targets the default Mail app on your device.Torsten Dettlaff / Pexels
A security researcher at ZecOps discovered a vulnerability in the iOS Mail app that he claims has been exploited since 2018. Apple confirmed the exploit with Reuters, and said a patch to address the issue was forthcoming.
The details: According to the researcher, the attack starts with an email made to overwhelm the Mail app. Once the email is received (iOS 13) or clicked (iOS 12), it could allow a remote hacker access to your device. The attack does not require a large email, either, according to the researcher.
Since when? The vulnerability has reportedly existed since iOS 6 and the iPhone 5, though the researcher only claims 2018 as the earliest examples found "in the wild."
Who is affected: Anyone who owns an iPhone or iPad is at this point a potential target. It's not likely hackers want to control your iPhone, however. The researcher claims that individuals from an unnamed Fortune 500 company from North America, an executive from a Japanese carrier, a VIP in Germany, and a journalist in Europe have been hacked using this method.
What to do: Until Apple issues a patch, you can stop using Mail on iOS to avoid the issue altogether. Apparently, iOS 13.4.5 beta has the patched files, so you could try upgrading to that, though it comes with a host of caveats around using beta software. You can also use a third-party app like Gmail to avoid the issue altogether until the patch is out of beta.
Bottom line: The researcher notes in a FAQ that a hacker gaining complete access to your device would require other bugs not currently accessible in iOS, but that Mail app users are vulnerable to the exploit. Ultimately, you probably don't have to worry too much about your own iPhone or iPad, as Apple will issue a fix soon.