Exchange
Blockchain and crypto asset exchange
Academy
Blockchain and crypto education
Broker
Trading terminal solutions
Charity
Charity
Cloud
Enterprise exchange solutions
DEX
Fast and secure decentralized digital asset exchange
Labs
Incubator for top blockchain projects
Launchpad
Token Launch Platform
Research
Institutional-grade analysis and reports
Trust Wallet
Binance's official crypto wallet
Buy Crypto
Markets
Scan to Download App IOS & Android
Download
English
USD
Binance Blog
News and updates from the world’s leading cryptocurrency exchange
Stay #SAFU From This Recent iOS Mail App Vulnerability
2020-4-23

Dear Binancians,

Security is the No. 1 priority at Binance. Through our Binance Global Security Monitoring Network, we are constantly monitoring potential security threats and issues around the world that may affect our users.

This week, we’ve learned of a serious exploitable vulnerability in the built-in Mail app on Apple iOS, which was first disclosed by the ZecOps Research Team: 

“Following a routine iOS Digital Forensics and Incident Response (DFIR) investigation, ZecOps found a number of suspicious events that affecting the default Mail application on iOS dating as far back as Jan 2018. ZecOps analyzed these events and discovered an exploitable vulnerability affecting Apple’s iPhones and iPads. ZecOps detected multiple triggers in the wild to this vulnerability on enterprise users, VIPs, and MSSPs, over a prolonged period of time.”

The disclosed vulnerabilities have existed since iOS 6 (issue date: September 2012) and affect versions up to iOS 13. 

To ensure that you are not affected by this issue, we recommend that you do either of the following:

1. Disable the iOS Mail app.

Remove the iOS Mail app by pressing down on the app’s icon. Once all the app icons on the screen start moving, tap the X button in the upper-left corner to remove the Mail app. After that, go to Settings > Password & Accounts. Set Fetch New Data to "Manual" and disable "Push." Use dedicated email clients such as Gmail or Outlook, or a web browser such as Safari or Chrome, to access your email.

2. Upgrade to the latest iOS beta (iOS 13.4.5 beta).

You can do this by following the steps here: https://developer.apple.com/support/install-beta/

According to the ZecOps disclosure, “The vulnerability allows to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13). Successful exploitation of this vulnerability would allow the attacker to leak, modify, and delete emails. Additional kernel vulnerability would provide full device access – we suspect that these attackers had another vulnerability. It is currently under investigation.”

We highly recommend that Binance users take action immediately in order to prevent potential fund security risks. iOS 13.4.5 will fix the vulnerability once it is publicly released by Apple.

Stay #SAFU with Binance.

Read more about enhancing your security measures at Binance Academy: Security and the Binance Blog:

Binance Blog
News and updates from the world’s leading cryptocurrency exchange
Apr 23
2020
Stay #SAFU From This Recent iOS Mail App Vulnerability

Dear Binancians,

Security is the No. 1 priority at Binance. Through our Binance Global Security Monitoring Network, we are constantly monitoring potential security threats and issues around the world that may affect our users.

This week, we’ve learned of a serious exploitable vulnerability in the built-in Mail app on Apple iOS, which was first disclosed by the ZecOps Research Team: 

“Following a routine iOS Digital Forensics and Incident Response (DFIR) investigation, ZecOps found a number of suspicious events that affecting the default Mail application on iOS dating as far back as Jan 2018. ZecOps analyzed these events and discovered an exploitable vulnerability affecting Apple’s iPhones and iPads. ZecOps detected multiple triggers in the wild to this vulnerability on enterprise users, VIPs, and MSSPs, over a prolonged period of time.”

The disclosed vulnerabilities have existed since iOS 6 (issue date: September 2012) and affect versions up to iOS 13. 

To ensure that you are not affected by this issue, we recommend that you do either of the following:

1. Disable the iOS Mail app.

Remove the iOS Mail app by pressing down on the app’s icon. Once all the app icons on the screen start moving, tap the X button in the upper-left corner to remove the Mail app. After that, go to Settings > Password & Accounts. Set Fetch New Data to "Manual" and disable "Push." Use dedicated email clients such as Gmail or Outlook, or a web browser such as Safari or Chrome, to access your email.

2. Upgrade to the latest iOS beta (iOS 13.4.5 beta).

You can do this by following the steps here: https://developer.apple.com/support/install-beta/

According to the ZecOps disclosure, “The vulnerability allows to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13). Successful exploitation of this vulnerability would allow the attacker to leak, modify, and delete emails. Additional kernel vulnerability would provide full device access – we suspect that these attackers had another vulnerability. It is currently under investigation.”

We highly recommend that Binance users take action immediately in order to prevent potential fund security risks. iOS 13.4.5 will fix the vulnerability once it is publicly released by Apple.

Stay #SAFU with Binance.

Read more about enhancing your security measures at Binance Academy: Security and the Binance Blog: