A new iPhone email security bug may let hackers steal private data

Apple will patch a newly discovered iPhone vulnerability that security researchers say hackers have already used to steal data from their victims’ devices.

News of the vulnerability dropped Wednesday by security firm ZecOps. Zuk Avraham, the company’s chief executive, said the firm found the bug last year during a routine investigation. At least six organizations were targeted by attackers as far back as 2018, he said.

Avraham said the bug is in the iPhone’s default Mail app. By sending a specially crafted email to the victim’s device, an attacker can overrun the device’s memory, allowing the attacker to remotely run malicious code to steal data from the device, he said.