{"id":34589,"date":"2020-04-23T19:15:08","date_gmt":"2020-04-23T19:15:08","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31144\/Zero-Click-Zero-Day-Flaws-In-iOS-Mail-Used-In-Targeted-VIP-Attacks.html"},"modified":"2020-04-23T19:15:08","modified_gmt":"2020-04-23T19:15:08","slug":"zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/","title":{"rendered":"Zero-Click, Zero-Day Flaws In iOS Mail Used In Targeted VIP Attacks"},"content":{"rendered":"<p>Apple has reportedly patched a pair of critical vulnerabilities in iOS that are being exploited by what appears to be government-backed hackers to spy on high-value targets. Think senior executives, journalists, managed security service providers, and similar.<\/p>\n<p>ZecOps bods <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/blog.zecops.com\/vulnerabilities\/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild\/#\">this week claimed<\/a> the bugs are buried within the iOS Mail application, and can be abused to achieve remote code execution without the victim ever needing to open a booby-trapped message. The device just has to receive and process the incoming email, specially crafted to exploit Apple&#8217;s programming blunders, and malicious code embedded in the message will be executed, we&#8217;re told. This code can then potentially snoop on and meddle with the victim&#8217;s online activities.<\/p>\n<p>&#8220;We believe that these attacks are correlative with at least one nation-state threat operator or a nation-state that purchased the exploit from a third-party researcher in a Proof of Concept (POC) grade and used \u2018as-is\u2019 or with minor modifications,&#8221; the ZecOps team said.<\/p>\n<p>&#8220;While ZecOps refrain from attributing these attacks to a specific threat actor, we are aware that at least one \u2018hackers-for-hire\u2019 organization is selling exploits using vulnerabilities that leverage email addresses as a main identifier.&#8221;<\/p>\n<p>We&#8217;re told the bugs have been present in iOS since version 6, released in 2012. ZecOps said it noticed hackers exploiting the weaknesses in January 2018 in version 11.2.2. Now they have determined iOS 13.4.1 and below are all vulnerable. iOS 13 is the latest major version officially available.<\/p>\n<p>According to the infosec biz, the vulnerabilities are a pair of out-of-bounds write and heap-overflow errors triggered when a malformed email is fetched by Mail. While the flaws themselves only grant intruders limited access to the compromised device, they can be chained with exploits for kernel-level security holes that escalate access to the whole iThing, we&#8217;re told. It is suspected the hackers used a kernel-level privilege-escalation exploit.<\/p>\n<p>Here&#8217;s the technical description:<\/p>\n<p>Most importantly, the researchers said, in iOS 13, the attack can be performed when Mail automatically downloads messages in the background, meaning no user interaction is needed: the data is fetched, parsed, and the bugs exploited immediately. iOS 12 is slightly more secure, apparently, as the user would need to tap on the email to fetch it and trigger exploitation. Having said that, we&#8217;re told: &#8220;If an attacker controls the mail server, the attack can be performed without any clicks on iOS 12 too.&#8221;<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2019\/04\/05\/shutterstock_292272839.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"Apple Safari icon\"><\/p>\n<h2 title=\"Bug that let malicious site snoop on users squashed, so make sure you're on the most recent version\">Flaw hunter bags $75,000 off Apple after duping Safari into spying through iPhone, Mac cameras without permission<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2020\/04\/07\/apple_safari_camera_hack\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>While there is right now no official standalone patch for the reported bugs, we&#8217;re told the freshly released beta version of iOS 13.4.5 fixes both flaws, so a non-beta update from Apple should be arriving soon. ZecOps said it alerted Apple to the holes last month after witnessing their exploitation in the wild, hence the appearance of a beta release that clears up the problem.<\/p>\n<p>If you can&#8217;t patch, ZecOps advises those worried of attack to use another email client and disable Mail.<\/p>\n<p>It was <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/twitter.com\/tehjh\/status\/1253010131283034114\">noted<\/a> by Google Project Zero&#8217;s Jann Horn that ZecOps&#8217; publicly disclosed evidence of exploitation could have been mistaken base64-encoded zero bytes. ZecOps CEO Zuk Avraham <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/twitter.com\/ihackbanme\/status\/1253013630859141120\">insisted<\/a> his team had uncovered evidence of successful exploitation.<\/p>\n<p>In the context of iOS, arbitrary code execution flaws are often exploited either intentionally by the user to jailbreak their devices, or covertly by miscreants to put surveillance software and other malware on devices. Interestingly, the researchers note that exploits for both flaws can be carried out before the full message has been loaded, meaning snoops could potentially cover their tracks by deleting the poisoned messages before the user is even aware what happened.<\/p>\n<p>&#8220;Noteworthy, although the data confirms that the exploit emails were received and processed by victims\u2019 iOS devices, corresponding emails that should have been received and stored on the mail-server were missing,&#8221; they explain. &#8220;Therefore, we infer that these emails were deleted intentionally as part of attack\u2019s operational security cleanup measures.&#8221;<\/p>\n<p>It bears repeating that these reported attacks are limited in scope, and have been only aimed at a small set of high-value targets.<\/p>\n<p>That said, it would be wise to keep an eye out for iOS updates over the next week or so, and promptly install them, as these sort of bugs will often draw copycat attacks from other cyber-crooks. And, as said above, if you&#8217;re concerned, disable Mail on your iThing and use another client if possible. \u00ae<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1916\/-8373\/practical-tips-for-office-365-tenant-to-tenant-migration?td=wptl1916\">Practical tips for Office 365 tenant-to-tenant migration<\/a><\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/31144\/Zero-Click-Zero-Day-Flaws-In-iOS-Mail-Used-In-Targeted-VIP-Attacks.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":34590,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[8598],"class_list":["post-34589","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerphoneflawapplezero-day"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Zero-Click, Zero-Day Flaws In iOS Mail Used In Targeted VIP Attacks 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Zero-Click, Zero-Day Flaws In iOS Mail Used In Targeted VIP Attacks 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-23T19:15:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Zero-Click, Zero-Day Flaws In iOS Mail Used In Targeted VIP Attacks\",\"datePublished\":\"2020-04-23T19:15:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\\\/\"},\"wordCount\":758,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks.jpg\",\"keywords\":[\"headline,hacker,phone,flaw,apple,zero day\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\\\/\",\"name\":\"Zero-Click, Zero-Day Flaws In iOS Mail Used In Targeted VIP Attacks 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks.jpg\",\"datePublished\":\"2020-04-23T19:15:08+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,phone,flaw,apple,zero day\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerphoneflawapplezero-day\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Zero-Click, Zero-Day Flaws In iOS Mail Used In Targeted VIP Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Zero-Click, Zero-Day Flaws In iOS Mail Used In Targeted VIP Attacks 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/","og_locale":"en_US","og_type":"article","og_title":"Zero-Click, Zero-Day Flaws In iOS Mail Used In Targeted VIP Attacks 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-04-23T19:15:08+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Zero-Click, Zero-Day Flaws In iOS Mail Used In Targeted VIP Attacks","datePublished":"2020-04-23T19:15:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/"},"wordCount":758,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks.jpg","keywords":["headline,hacker,phone,flaw,apple,zero day"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/","url":"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/","name":"Zero-Click, Zero-Day Flaws In iOS Mail Used In Targeted VIP Attacks 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks.jpg","datePublished":"2020-04-23T19:15:08+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/zero-click-zero-day-flaws-in-ios-mail-used-in-targeted-vip-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,phone,flaw,apple,zero day","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerphoneflawapplezero-day\/"},{"@type":"ListItem","position":3,"name":"Zero-Click, Zero-Day Flaws In iOS Mail Used In Targeted VIP Attacks"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=34589"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34589\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/34590"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=34589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=34589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=34589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}