The BtCIRT would like to inform the general public about the default Mail App in iPhones and iPads vulnerable to two critical flaws that attackers are exploiting.The vulnerabilities of the mail application allow attackers to take complete control over Apple devices remotely by simply sending an email to any targeted individual. These flaws which resides in the MIME library of the Apple mailing application are triggered while processing the contents of an email and they are critical hence it can be exploited with ‘zero-click,’ which means that no action is required from the targeted user.
Therefore, Bhutan Computer Incident Response Team recommends users Do not to use Apple built-in mail application until a patch is available and apply the necessary updates.
References
https://www.cert.gov.lk/alert_info.php?id=172
https://www.zdnet.com/article/apple-disputes-recent-ios-zero-day-claim/