Chapter in this post:
Apple's own mail app for iOS on the iPhone and iPadOS on the iPad was last due to security gaps in the media. The app problems are hyped up. The Federal Office for Information Security (BSI) also has a correspondingly drastic one Entry issued for this purpose, but I keep and use the Mail app on my mobile Apple devices. I would like to explain why in this post. Of course, the note: I'm not a security researcher, just an Apple user with over 20 years of experience;)
I have already received three letters from readers who would like me to say something on the subject. My personal opinion is - and it doesn't necessarily have to be correct - that I don't change my mail program for the time being. If Apple takes a stand on the matter itself and says that the three problems cannot be used to spy on users, then I trust this statement. Incidentally, the same has already been published, such as the specialist magazine The Verge at this point reported. Accordingly, the security holes have not yet been exploited by hackers or fraudsters. With this, Apple contradicts the security researchers at ZecOps.
Here is Apple's statement as a full quote (source: The Verge):
Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher's report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance.
The mentioned security gap consists of a total of three individual problems in the app. As you can see from the statement made by the technology giant from Cupertino, an update has already been announced as a fix for the problems. Security gaps in iOS and macOS are often raised and used by the media for clickbait. If you look at the bottom line, then the security problems in the past were often designed in such a way that an attacker would have to put a lot of effort into and usually even have to have physical access to my devices in order to get to my data via the security hole. These cases may be of interest to security researchers or important people, journalists or politicians, but they are unimportant to me.
All in all, the reports don't put me off, whether it's The Verge, German Apple magazines or the BSI. Of course, I don't want to discredit the latter in particular, as the individual reports and tips are always a good reference point for dealing with digital media. But especially at Apple you can be sure that problems will be resolved quickly and you don't have to rush anything if there is no absolutely acute danger. This is how I see it with this message: Apple sees the problems, has an update for them in the pipeline, and says that, in their opinion, they cannot and have not been exploited. That's enough for me to sleep peacefully.
What's your opinion? Feel free to leave a comment about the (soon to be closed) mail security gaps;)
Jens has been running the blog since 2012. He appears as Sir Apfelot for his readers and helps them with problems of a technical nature. In his free time he drives electric unicycles, takes photos (preferably with his iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions for current bugs.