Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple aware of email attachment encryption issue in iOS 7.1.1

AppleInsider Staff |

Recent releases of Apple's iOS platform, including the latest iOS 7.1.1 update, include a bug that prevents email attachments saved on the device from being properly protected with encryption, and a fix is presumably on the way.

Security researcher Andreas Kurtz revealed last month that he has reported the flaw to Apple, and the company responded by saying they were aware of the issue. To date, the problem has not yet been fixed, and Apple has not offered a timetable for when it might be addressed.

Apple's statement on the issue simply said, "We're aware of the issue and are working on a fix which we will deliver in a future software update."

Using an iPhone 4, Kurtz was able to verify that the attachments could be read without any encryption or restriction after accessing the device's file system in both iOS 7.1 and iOS 7.1.1. The same vulnerability was then discovered on an iPhone 5s as well as an iPad 2 running iOS 7.0.4. The flaw was highlighted last week by ZDNet.

Apple advertises data protection on its iOS platform for devices that offer hardware encryption, which includes the iPhone 3GS and later, as well as all iPad models. Data encryption can be enabled by turning on a passcode lock on an iOS device.

Exploiting flaw requires physical access or iPhone 4-only jailbreak

Of course, this security flaw requires that a malicious hacker have physical access to the iPhone in order to read the root file system. Accessing the unencrypted attachments requires the device to be placed in "DFU" mode and accessed via SSH. That step requires that a malicious user would either need the device passcode or perform a hardware jailbreak of the device to take exploit the bug.Apple's latest iOS 7.1.1 release is currently only possible to jailbreak on iPhone 4

Apple's latest iOS 7.1.1 release is currently only possible to jailbreak on iPhone 4, according to International Business Times, which notes that "owners of newer iOS devices running iOS 7.1 and above continue to be without luck as no jailbreak has been developed for the latest version of iOS on devices such as the iPhone 5S and iPad Air."

Earlier this month, a separate SSL security flaw was discovered in both iOS and OS X. Apple worked to quickly patch the issue in subsequent updates to both platforms.

 

Top Stories

article thumbnail

Amazon drops Apple's M3 MacBook Air to record low $989

article thumbnail

Retro gold rush: these emulators are coming to the App Store soon

article thumbnail

The Worst of WWDC - Apple's biggest missteps on the way to success

article thumbnail

Apple's generative AI may be the only one that was trained legally & ethically

article thumbnail

Arizona TSMC facility continues to fight cultural battles, rising costs & logistical hurdles

article thumbnail

New iPad Air & iPad Pro models are coming soon - what to expect

article thumbnail

Save up to $350 on every Apple M3 MacBook Pro, plus get up to $80 off AppleCare