Binance has warned about the vulnerability of the email client devices based on iOS

This morning, the Binance cryptocurrency exchange published a notification for its users, in which it warned about the vulnerability of devices based on the iOS operating system arising from the default email client.

As ZecOps reported a few days earlier, the vulnerability allows remote code execution. For infection, a message is sent to the device, which absorbs significant amounts of its memory.

Researchers note that the vulnerability was used for real attacks on users and can be activated even before the message is completely downloaded, therefore its contents do not always remain on the device. In particular, there are known cases of exploitation of a vulnerability on devices running iOS 11, 12, and 13. Moreover, the latest versions of iOS 13 allow downloading mail in the background, which makes them even more vulnerable than, for example, iOS 12, where the user must go into the application to launch the exploit. The vulnerability is present in Apple devices with at least iOS 6, that is, since September 2012, when the iPhone 5 came out.

According to media reports, the vulnerability was fixed in the beta version of iOS 13.4.5, a full release of which should take place in the near future. In the meantime, users are advised to set the data download to “Manual” and disable the “Push” option on the “Passwords and Accounts” tab in the settings menu, as well as install an alternative email client.

“This is a serious security issue affecting all iPhone users. Please take action and protect yourself, writes Changpen Zhao, CEO of Binance. – Here is another reason to use unique addresses for each exchange and never disclose them. Less opportunity to attack. ”