Session hijacking & malware injection vulnerabilities found in Apple Mail app and AirShare affecting iPhone, iPad & Mac

A new report has revealed new cybersecurity threats. According to vulnerability assessment experts, ZecOps says multiple iPhone models are exposed to an Apple Mail-related vulnerability. Apparently, exploiting this security flaw depends only on users downloading a file contained in an email.

According to the researchers, at least six attack targets have been detected, including employees of major telecommunications companies in Japan, a major US company, various technology companies in Israel and two European entrepreneurs.

Vulnerability assessment experts were unable to analyze the code used by hackers, as emails including this malware are removed from the target users’ smartphones.

Apple has already received several reports of this flaw, so the company must already be working on fixes in its iOS beta. It should be noted that this error has not been fixed in the latest version of iOS in public use (v13.4.1). Experts expect the next operating system update to include the necessary fixes.

Multiple Air Share v1.2 iOS vulnerabilities

Air Share is a tool to transfer music, videos, documents, photos or any file from a PC/Mac to an iPhone or iPad by simply dragging and dropping. Vulnerability assessment experts discovered multiple XSS vulnerabilities in the Air Share v1.2 app for iOS.

If exploited, these vulnerabilities would allow remote threat actors to inject malicious code, compromising client-side and iOS application requests.

Reports include two vulnerabilities:

  • The first flaw resides in the ‘path’ parameter of the ‘list’ and ‘download’ exception handling. A remote threat actor could inject malicious code into the parameter to manipulate the output context of the Air Share user interface error message, resulting in a hijacking of the user’s session.
  • The second flaw resides in the ‘devicename’ parameter shown at the top next to the Air Share index list. A remote hacker could inject malicious scripts by manipulating the Apple device name information. Successful exploitation of this flaw leads to session hijacking, phishing attacks and targeted user redirection to other sites, among other malicious activities.
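
Both flaws come down to untrusted values reaching HTML output without encoding. The sketch below is an added example, not Air Share code: it puts an unencoded error message and index header beside hardened versions. The function names, markup, response headers and sample inputs are all assumptions made for illustration.

```javascript
// Added example: names, markup and sample inputs are assumptions, not Air Share code.

// Encode the five characters that can change HTML parsing context.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: the request's 'path' value is echoed into the error page as-is.
function renderPathErrorUnsafe(action, path) {
  return `<p class="error">Cannot ${action} "${path}": no such file</p>`;
}

// Hardened: every untrusted value is encoded at the point of output.
function renderPathError(action, path) {
  return `<p class="error">Cannot ${escapeHtml(action)} "${escapeHtml(path)}": no such file</p>`;
}

// Vulnerable pattern: the device name set on the phone is trusted as markup.
function renderIndexHeaderUnsafe(deviceName) {
  return `<h1 title="${deviceName}">${deviceName}</h1>`;
}

// Hardened: the same encoding covers both the element body and the quoted attribute.
function renderIndexHeader(deviceName) {
  const safe = escapeHtml(deviceName);
  return `<h1 title="${safe}">${safe}</h1>`;
}

// Defense in depth: headers that block inline script even if an encoding call is missed.
function securityHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Constructed sample inputs (benign markers only).
const samplePath = '/Docs/<script>alert(1)</script>';
const sampleDevice = 'iPhone" onmouseover="alert(1)';

console.log(renderPathErrorUnsafe('list', samplePath));
console.log(renderPathError('list', samplePath));
console.log(renderIndexHeaderUnsafe(sampleDevice));
console.log(renderIndexHeader(sampleDevice));
```

In the hardened output the injected markup appears as inert text, and the policy header keeps inline script from running on any page where an encoding call was missed.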
