Stay #SAFU From This Recent iOS Mail App Vulnerability

2020-04-23

Dear Binancians,

Security is the No. 1 priority at Binance. Through our Binance Global Security Monitoring Network, we are constantly monitoring potential security threats and issues around the world that may affect our users.

This week, we’ve learned of a serious exploitable vulnerability in the built-in Mail app on Apple iOS, which was first disclosed by the ZecOps Research Team:

“Following a routine iOS Digital Forensics and Incident Response (DFIR) investigation, ZecOps found a number of suspicious events that affecting the default Mail application on iOS dating as far back as Jan 2018. ZecOps analyzed these events and discovered an exploitable vulnerability affecting Apple’s iPhones and iPads. ZecOps detected multiple triggers in the wild to this vulnerability on enterprise users, VIPs, and MSSPs, over a prolonged period of time.”

The disclosed vulnerabilities have existed since iOS 6 (issue date: September 2012) and affect versions up to iOS 13.

To ensure that you are not affected by this issue, we recommend that you do either of the following:

1. Disable the iOS Mail app.

Remove the iOS Mail app by pressing down on the app’s icon. Once all the app icons on the screen start moving, tap the X button in the upper-left corner to remove the Mail app. After that, go to Settings > Password & Accounts. Set Fetch New Data to "Manual" and disable "Push." Use dedicated email clients such as Gmail or Outlook, or a web browser such as Safari or Chrome, to access your email.

2. Upgrade to the latest iOS beta (iOS 13.4.5 beta).

You can do this by following the steps here: https://developer.apple.com/support/install-beta/

According to the ZecOps disclosure, “The vulnerability allows to run remote code in the context of MobileMail (iOS 12) or maild (iOS 13). Successful exploitation of this vulnerability would allow the attacker to leak, modify, and delete emails. Additional kernel vulnerability would provide full device access – we suspect that these attackers had another vulnerability. It is currently under investigation.”

We highly recommend that Binance users take action immediately in order to prevent potential fund security risks. iOS 13.4.5 will fix the vulnerability once it is publicly released by Apple.

Stay #SAFU with Binance.

Read more about enhancing your security measures at Binance Academy: Security and the Binance Blog: