Last week, ZDNet discovered that there is a bug in iOS 7.1.1 that does not encrypt email attachments, making it possible for anyone to read what you send and receive though your iPad or iPhone. Apple has known about the issue for at least a month now and, although the problem has not yet been remedied, a fix is presumably on its way.
According to AppleInsider, security researcher Andreas Kurtz noted the flaw all the way back in iOS 7.0.4 and has reported his findings to Apple. The company responded with an acknowledgement of the bug, but did not offer a timeline of its fix.
The bug, as reported by ZDNet, makes it possible for third party access to messages with attachments. Kurtz tested the bug on an iPhone 4 and was able to access the file system and view them in clear text.
AppleInsider points out that a malicious hacker would need physical access to a person’s iOS device in order to read the attachment. “Accessing the unencrypted attachments requires the device to be placed in “‘DFU’ mode and accessed via SSH.”
With all the talk lately of security issues, Apple should make this encryption but a priority in order to save face in the public eye. Tech users are especially sensitive to privacy protection right now. Apple was protected from Heartbleed, but that won’t make a person feel better if email attachments can be stolen so easily.
» Related posts:
Security Researcher Claims he Hacked Apple Developer Center to Reveal Security Holes
‘Find my iPhone/iPad’ Adds Security Features in iOS 7
PadGadget’s iPad Tips: How to Tell When You’ve Received a Phishing Email