The vulnerability was fixed by iOS 13.5 on 21th May 2020, so upgrade iOS 13.5/iPad OS 13.5 if you have the device.
In recent news and blog posts, it has been reported that there is a serious unmodified security vulnerability in the Mail app that comes as standard on iOS (iPhone / iPad / ipod touch).
- You’ve Got (O-click) Mail! (zecOps Blog)
- Report: iPhone Mail app zero-day exploits found in the wild, Apple has fix coming in next public iOS release (9TO5Mac)
- Zero-click, zero-day flaws in iOS Mail ‘exploited to hijack’ VIP smartphones. Apple rushes out beta patch (The Register)
This vulnerability can be exploited only by setting the receiving settings in the background (default settings) without reading the email.
How to protect your device
Until iOS 13.4.5 is released, which fixes the problem, you should temporarily suspend receiving emails in the standard iOS Mail app and use another email app.
How to stop receiving mail with the Mail app
- Settings > Passwords & Accounts > Each Account > Turn off “Mail”.
Both Kyoto University email and the Center’s email addresses use Gmail, so please use Gmail app until iOS 13.4.5 is released.
- Use Gmail app.
24th April, 2020
Information Processing Office