Update 25.5.: With iOS 13.5 and 12.4.7, according to security researchers, Apple has fixed vulnerabilities that allowed manipulation of the email inbox.
The iOS app "Mail" is retroactively affected by two serious security bugs on all iOS versions up to iOS 6. The German Federal Office for Information Security (BSI) assesses these vulnerabilities as particularly critical. With the current iOS 13, simply receiving malicious mail is sufficient to trigger the vulnerability.
How do I protect myself?
The BSI recommends:
- Deleting the "Mail" app or deactivating the synchronization.
- After implementing point 1, other apps or webmail can be used to check and read emails until further notice.
- The iOS update announced by Apple should be installed as soon as possible, as soon as it is available
Are iPhone and iPad affected?
Up to version 12, iOS was the operating system for iPhone and iPad. With version 13, the operating system for the iPad was renamed to iPadOS. iPadOS emerged from iOS 12 - just over half a year ago. The current version (as of April 25, 2020) of iOS is 13.4.1 and the current version of iPadOS is also 13.4.1. It must therefore be assumed that both iOS and iPadOS are affected, and thus all iPhones and iPads at least since 2012. The Apple company maintains a low profile on this topic.
What about other Apple devices?
The operating system of MacBooks, iMacs, Mac Pro or Mac mini is called MacOS or OS X - that's why all version numbers start with '10.'. The MacOS operating system does not seem to be affected. All MacOS versions have an epithet. Until 2012 these were big cats and then natural landmarks of California:
- MacOS Catalina (10.15.4)
- MacOS Mojave (10.14.6)
- MacOS High Sierra (10.13.6)
These three versions are officially supported and receive regular security updates - most recently in March 2020. Older MacOS versions no longer receive a security update and should - regardless of the current warning - be upgraded. Upgrading an old Mac (MacOS Sierra 10.12 or earlier) can be problematic. In order to avoid data loss, you should therefore contact us beforehand.