Apple acknowledged on Wednesday the existence of a security flaw that may have left more than 500 million iPhones vulnerable to intrusion.
The flaw was discovered by Zuk Avraham, a widely known white-hat security researcher and the founder and CEO of mobile security forensics company ZecOps. His research, published on Wednesday, suggests that hackers may have been using a malicious program to exploit the vulnerability for more than two years, gaining unauthorized access to Apple's iOS operating system going back to January 2018.
To initiate the attack, hackers would send what appeared to be a blank email that would crash the iPhone when the user attempted to open the message. This crash allowed hackers to gain entry into the device, giving them access to a wide variety of data, including confidential emails, contact details, and photos, among others.
Avraham said he was able to recreate the circumstances of the exploit based on information gathered from "crash reports," the data that's collected and reported when a device crashes in the midst of an operation. The findings have been reviewed by two other independent security researchers, who concluded that the data regarding the threat was credible.
While Apple refused to comment on the specifics of the report, a spokesperson for the company confirmed that a vulnerability exists in its Mail app on both iPhones and iPads, and that it had developed a solution. Apple plans to roll out the fix in a soon-to-be-released update that will correct the flaw on hundreds of millions of devices.
Apple has previously said that it has more than 1 billion active devices in use, so this flaw likely impacts the majority of existing iPhones and iPads.