Unassisted iOS Attacks via MobileMail in the wild

There has been discovered a vulnerability in the default mail application (MobileMail) for iOS.

The vulnerability allows an attacker to send an email to a victim (you) and without any action from you, the email will launch code prepared by the attacker on your device.
The fix for this is not released yet, it has been released as a public Beta-version.
Basefarm has decided to block this app from getting more mail from Basefarms Exchange servers.

Researchers has found attacks in the wild, exploiting this vulnerability, back in January 2018 on iOS 11. They state it is likely that the same threat operators are actively abusing these vulnerabilities presently.

There has been no wide exploitation, this is likely due to the fact that this is high value exploit, and the attacker was trying to minimize the risk for detection. There has been targeted attacks towards executives and VIPs in large organizations, MSSPs in Saudi Arabia and Israel (this can be used to make assumptions on who the threat operator is.), a journalist in Europe, etc.

Now that the vulnerability is exposed the value of it is dropping by the minute, and the threat operator has no reason to hold back any more. There is now a race between them and getting fixes out to the users.

Internally in Basefarm the activity related to this vulnerability is tracked in BF-VLN-2031243.

See also:

https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/