Using an iPhone 4 (GSM), Kurtz set up an IMAP email account, shutdown the device, and accessed the file system. After mounting the iOS data partition, he found the folder containing all of the emails and found that all attachments could be easily accessed without any encryption. Yikes!
Worst of all, Apple claims that there is an additional layer of protection for email message attachments and third-party applications, if your device is password-protected. If you go to Settings -> Passcode and scroll to the bottom of the page, you can see for yourself that Apple is indeed claiming your data is "protected."
Apple has yet to provide a timetable as to when they'll release an update to fix this issue, but it should be soon. Thankfully, it seems that the only way hackers can access the email attachments are directly through the smartphone, rather than using any type of remote access.
To protect yourself, use alternatives to Apple's email application until an update is released, like Gmail and Mailbox. Or you can send links to attachments stored in a cloud, rather than the file itself.
Unfortunately, this isn't the first security issue that Apple has had this year. Just recently, Apple released iOS 7.1.1 in order to patch a bug that allowed hackers to bypass HTTPS encryption protections that monitor sensitive traffic being transmitted by vulnerable devices. Let's hope this latest bug is squashed in short order, and that it's hopefully the last one we see for a while.
Keep Your Connection Secure Without a Monthly Bill. Get a lifetime subscription to VPN Unlimited for all your devices with a one-time purchase from the new Gadget Hacks Shop, and watch Hulu or Netflix without regional restrictions, increase security when browsing on public networks, and more.
Other worthwhile deals to check out: