Apple Vows To Fix iOS 7 Bug That Leaves Mail Unencrypted

Apple Vows To Fix iOS 7 Bug That Leaves Mail Unencrypted
ElisaRiva / Pixabay

Last week, it became clear that iOS 7 has a bug that leaves mail attachments unencrypted. Today, Apple Inc. (NASDAQ:AAPL) says that it’s working on it.

An Apple spokesperson told iMore today that Apple “is aware of the issue and are working on a fix which will be delivered in a future software update.”

Hedge Fund Launches Jump Despite Equity Market Declines

Last year was a bumper year for hedge fund launches. According to a Hedge Fund Research report released towards the end of March, 614 new funds hit the market in 2021. That was the highest number of launches since 2017, when a record 735 new hedge funds were rolled out to investors. What’s interesting about Read More

Apple iOS 7: Data protection fails on older phones

The bug was discovered and first reported by Andreas Kurtz who found that he was allowed to access email attachments in iOS 7 without entering a passcode. Now, clearly the easiest way to fix this is to make sure that your iPhone is password protected but that’s not enough for Apple Inc. (NASDAQ:AAPL) which has promised to remedy the situation with a coming upgrade to iOS 7.whatever-is-next.

Apple security

Clearly Apple Inc. (NASDAQ:AAPL) is not pleased with this as these attachments are meant to be protected by its Data Protection technologies. Data Protection, according to Apple, offers users “an additional layer of protection for your email messages attachments, and third-party applications.”

Kurtz discovered the problem when he was employing an iOS jailbreak tool that he didn’t specify.

How did he do it?

The size of the problem poses very limited risk because it requires physical access to your phone and jailbreak utilities. Rich Mogull and Adam Engst explained the process at recently:

An attacker either needs your passcode (in which case they have everything anyway), or he needs a jailbreak that works without a passcode, allowing him access to the file system. That’s how Kurtz was able to attack an iPhone 4. It’s unclear how he was able to reproduce on an iPhone 5s and iPad 2 running iOS 7.0.4, since more recent devices running iOS 7 aren’t susceptible to a jailbreak without the passcode. It’s possible that Kurtz had already jailbroken his iPhone 5s and iPad 2, so they weren’t as protected as a normal device would be. The bug means that email attachments still aren’t encrypted on those devices, but there isn’t a way to get to them.

Kurtz explained how he was able to discover the problem as well:

I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account1, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction

At the end of the day, it’s not much of a threat, more an embarrassment to Apple Inc. (NASDAQ:AAPL) as it competes with Android for dominance.

Updated on

While studying economics, Brendan found himself comfortably falling down the rabbit hole of restaurant work, ultimately opening a consulting business and working as a private wine buyer. On a whim, he moved to China, and in his first week following a triumphant pub quiz victory, he found himself bleeding on the floor based on his arrogance. The same man who put him there offered him a job lecturing for the University of Wales in various sister universities throughout the Middle Kingdom. While primarily lecturing in descriptive and comparative statistics, Brendan simultaneously earned an Msc in Banking and International Finance from the University of Wales-Bangor. He's presently doing something he hates, respecting French people. Well, two, his wife and her mother in the lovely town of Antigua, Guatemala. <i>To contact Brendan or give him an exclusive, please contact him at</i>
Previous article Twitter Tumbles Midday as More Shares Hit the Market
Next article Alibaba Officially Files For US IPO

No posts to display