iOS 7 Security Flaw Leaves Stored Email Attachments Unencrypted [Updated]
Apple states that it uses data encryption to protect email message attachments, but a report from security researcher Andreas Kurtz, via ZDNet, claims iOS 7.0.4 and later does not include this security feature.
Kurtz detected this flaw in iOS by accessing the file system on an iPhone 4 running iOS 7.1 and 7.1.1. Browsing through the email folder for an IMAP account, Kurtz discovered that the email attachments were stored in an unencrypted state. Besides the iPhone 4, Kurtz also was able to reproduce this vulnerability on an iPhone 5s and an iPad 2 running iOS 7.0.4.
I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account1, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction
Kurtz reported this issue to Apple, which acknowledged the flaw, but provided no timetable for patching it. This isn't the first security issue Apple has faced this year. The company recently patched a serious SSL connection verification flaw in both iOS and OS X that allowed an attacker with a "privileged network position" to capture data protected by SSL/TLS.
Update 3:11 PM PT: In a statement given to iMore, an Apple spokesperson said the company is working on a fix for the issue.
"We're aware of the issue," an Apple spokeswoman told iMore, "and are working on a fix which we will deliver in a future software update."
Popular Stories
Apple has stopped production of FineWoven accessories, according to the Apple leaker and prototype collector known as "Kosutami." In a post on X (formerly Twitter), Kosutami explained that Apple has stopped production of FineWoven accessories due to its poor durability. The company may move to another non-leather material for its premium accessories in the future. Kosutami has revealed...
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
The upcoming iOS 17.5 update for the iPhone includes only a few new user-facing features, but hidden code changes reveal some additional possibilities. Below, we have recapped everything new in the iOS 17.5 and iPadOS 17.5 beta so far. Web Distribution Starting with the second beta of iOS 17.5, eligible developers are able to distribute their iOS apps to iPhone users located in the EU...
Apple is finally planning a Calculator app for the iPad, over 14 years after launching the device, according to a source familiar with the matter. iPadOS 18 will include a built-in Calculator app for all iPad models that are compatible with the software update, which is expected to be unveiled during the opening keynote of Apple's annual developers conference WWDC on June 10. The lack of ...
The lead developer of the multi-emulator app Provenance has told iMore that his team is working towards releasing the app on the App Store, but he did not provide a timeframe. Provenance is a frontend for many existing emulators, and it would allow iPhone and Apple TV users to emulate games released for a wide variety of classic game consoles, including the original PlayStation, SEGA Genesis,...
Top Rated Comments
Probably this security flaw affects 0.0001% of iOS users but everyone will think "OMG another security flaw!!!11" :rolleyes:
If things aren't broken, fix them till they're broken.