Until recently iPhones have known to be virtually unhackable. Things changed in 2016 when researchers unearthed in the wild attack on an iPhone. Now a San Francisco based security company named ZecOps has found two Zero-Day exploits for iOS. Apple has been informed of the same and the patch has already appeared on the latest iOS 13.4.5 Beta.

The Zero-Day vulnerability is a flaw already known to the company, but it doesn’t have a patch to fix the flaw. Cybercriminals can potentially exploit this vulnerability. It is called Zero-Day since the company or software vendor has Zero-Days left to fix the patch.

These vulnerabilities are widely exploited in the wild in targeted attacks by an advanced threat operator(s) to target VIPs, executive management across multiple industries, individuals from Fortune 2000 companies, as well as smaller organizations such as MSSPs- ZecOps

According to ZecOps a few of its customers have already fallen victim to the new Zero-Day exploits. One of the vulnerabilities falls under the category of remote zero-click. Apparently this attack is more dangerous as it can be initiated remotely by anyone connected to the internet. The worst part is that the target gets infected without interacting. Meanwhile, the second vulnerability piggybacks on another vulnerability.

The vulnerability is exploited by sending an email that gobbles up large storage space while the other vulnerability can be triggered remotely. It is said to affect all software versions between iOS 6 and iOS 13.4.1. Thankfully Apple has already patched the vulnerability in the latest iOS 13.4.5 Beta, and the same will soon be released publicly. Fret not, you can protect yourself from the vulnerability by using third-party email apps like Gmail and Outlook.