Security researchers found a severe flaw in iPhones and iPads that may have allowed hackers to steal data for years
Security researchers have discovered a flaw in the iPhone and iPad that may have left more than half a billion users vulnerable to hackers. The bug was discovered by ZecOps, a San Francisco-based mobile security forensics firm. In a report published today, the firm said it found the bug while investigating a sophisticated cyberattack against a client that took place in late 2019.
“The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS MobileMail application on iOS 12 or maild on iOS 13. Based on ZecOps Research and Threat Intelligence, we surmise with high confidence that these vulnerabilities – in particular, the remote heap overflow – are widely exploited in the wild in targeted attacks by an advanced threat operator(s),” the report reads. The firm says the vulnerability has existed in the Mail app since at least iOS 6, which was released in 2012.
An Apple spokesman acknowledged that a vulnerability exists in Apple’s email software for iPhones and iPads, known as the Mail app, and said the tech giant had developed a fix, which will be rolled out in a forthcoming update to millions of devices it has sold globally.
Another research firm, Avraham, published a report on Wednesday saying the company had found evidence that a malicious program was taking advantage of the vulnerability in Apple’s iOS mobile operating system as far back as January 2018. The company suggests the flaw could be triggered remotely and that it had already been exploited by hackers against high-profile users.
However, Apple declined to comment on Avraham’s research.