iOS 7 Stores Unencrypted Email Attachments



Mobile operating systems security are often stigmatized and Apple does not make an exception to the rule. If you are used to send sensitive attachments, maybe you should think twice. There is a bug that affect the latest version  iOS 7 by allowing to send unencrypted email attachments, according to researcher.

Despite the fact that Apple has full protection with the iOS 7 firmware , attackers can easily enough to get access to content. Rough failure endangers users’ personal data.

I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account1, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction , “- said Kertz .

The expert confirmed the vulnerability on the iPhone 4 running iOS 7.1 and 7.1.1 , as well as iPhone 5s and iPad 2 with iOS iOS 7.0.4.

Endrea Kertz wrote in his blog that Apple has notified about the vulnerability before publishing study results , but no response has not yet been followed. It is assumed that the error will be corrected in a future update iOS.

Follow us on Twitter, subscribe to our Facebook Page, find us on LinkedIn