Are you using a used iPhone? Make sure to check security

Apple plans to fix a flaw that a security firm said may have left more than half a billion iPhones vulnerable to hackers.

The bug, which also exists on iPads with iPhones, was discovered by ZecOps, a San Francisco-based mobile security forensics company, while it was investigating a sophisticated cyber-attack against a client that took place in late 2019.

Zuk Avraham, ZecOps’ chief executive, said he found evidence the vulnerability was exploited in at least six cyber-security break-ins.

An Apple spokesman acknowledged that a vulnerability exists in Apple’s software for email on iPhones and iPads, known as the Mail app, and that the company had developed a fix, which will be rolled out in a forthcoming update on millions of devices it has sold globally.

Apple declined to comment on Avraham’s research, which was published on Wednesday, that suggests the flaw could be triggered from afar and that it had already been exploited by hackers against high-profile users.

Avraham said he found evidence that a malicious program was taking advantage of the vulnerability in Apple’s iOS mobile operating system as far back as January 2018.

To execute the hack, Avraham said victims would be sent an apparently blank email message through the Mail app forcing a crash and reset. The crash opened the door for hackers to steal other data on the device, such as photos and contact details.

ZecOps claims the vulnerability allowed hackers to remotely steal data off iPhones even if they were running recent versions of iOS. By itself, the flaw could have given access to whatever the Mail app had access to, including confidential messages.

Avraham said he suspected that the hacking technique was part of a chain of malicious programs, the rest undiscovered, which could have given an attacker full remote access. Apple declined to comment on that prospect.

ZecOps found the Mail app hacking technique was used against a client last year. Avraham described the targeted client as a “Fortune 500 North American technology company,” but declined to name it.

They also found evidence of related attacks against employees of five other companies in Japan, Germany, Saudi Arabia, and Israel.

Avraham based most of his conclusions on data from “crash reports,” which are generated when programs fail in mid-task on a device.

He was then able to recreate a technique that caused the controlled crashes.

Two independent security researchers who reviewed ZecOps’ discovery found the evidence credible, but said they had not yet fully recreated its findings.

Looking to buy a new used iPhone? Check the guide.

iPhone 12 is coming soon

Apple's plans for 2020 have certainly run into a perfect storm of challenges. The COVID-19 pandemic is introducing complications into the planning and production of new hardware and the complex component supply chain that feeds its production lines, as well as stoking a challenging global economic situation that will have a significant negative impact on everyone's sales globally.

However, these alarmist reports confidently claiming inside knowledge of Apple "delaying the mass production" of new iPhones have cautiously limited their remarks to a supposed "ramp-up" period where phones are prepared for launch, reportedly starting in July. The idea that the beginning of the "mass production ramp" of "iPhone 12" could be delayed by weeks is hardly material, even if it could be established to be true.

Apple can accelerate its subsequent pre-launch production to deliver an adequate supply to make up for a slower than usual start. In previous years, Apple has frequently boosted or shifted around its production plans in response to greater than anticipated demand for specific models. Increasing or decreasing production is an art Apple has proven to be extremely proficient at, even under challenging circumstances involving prior economic downturns or supply chain crises.

Apple launched iPad 2 despite the supply chain devastation that hit Japan in 2011. Source: BHPEnglish

Apple's executives have commonly noted this in the company's quarterly conference calls, specifically highlighting greater than expected demand for a particular product, or a specific model in a range of devices. There is no indication that Apple's assembly plant partners will be unable to operate at normal production volumes in the second half of this year.

Further, the pressure to build up an adequate launch supply before "iPhone 12" goes on sale is also reduced this year simply because demand is likely to be weaker than usual. Rather than racing out "iPhone 12" in a desperate bid to catch up with 5G Android handsets as these same sources had been predicting, this year's smartphone sales have already slowed significantly, and the financial impacts to potential buyers around the world will almost certainly repress peak demand.

Rather than resulting in a delayed launch that might threaten Apple to miss the holiday season entirely as some analysts have floated as a "worst-case scenario," it appears that Apple is comfortably positioned to launch "iPhone 12" as planned. Apple has done this before with previous launches and handling of previous supply chain disasters, and it can manage it because it has the resources to arrange for priority access to testing, production, and shipping services.

The same can't be said of manufacturers of lower-tier phones that were barely making a profit while the economy was thriving, and demand was reaching all-time highs. Will Samsung and Huawei continue to focus their resources on building whimsical folding prototypes that cost thousands of dollars and sell to only a tiny audience of users? Compare that to Apple, which has been selling tremendous numbers of its highest-end iPhones every year, even during cycles of economic downturn.

The recession in 2008 and its "global macroeconomic headwinds" caused many pundits to worry about Apple's prospects, given that it was just beginning to sell its new iPhone at a price significantly higher than other competing handsets that sold in large numbers. However, it wasn't Apple that was hit hardest by that recession. It was the manufacturers of lower-priced commodity products, who experienced a drop in their sales volumes that crushed their thin margins of profitability.