iOS Mail App Doesn’t Encrypt Email Attachments

Source: Thinkstock

Source: Thinkstock

Be careful about opening attachments on an iPhone. Apple’s (NASDAQ:AAPL) iOS 7.0 and above has a little security flaw that makes users’ mail a little less secure than it has been in the past. In the current version of Apple’s mobile operating system, the iOS Mail app does not encrypt attachments, making them potentially vulnerable to hackers.

The affected devices include iPhone 4, iPhone 5, and the iPad 2. Attachments are not encrypted, meaning that opening one can leave the document vulnerable. Luckily, this issue primarily extends to hackers that have physical access to the device in question, or iPhone 4 smartphones that have had a jailbreak – an unlocking the software on the device. This means that a tech-savvy roommate or relative is more likely to exploit the security flaw than a hacker in another country. Apple is currently working on a fix for the bug.

The affected mobile operating systems, iOS 7 and above, are currently in use by the majority of iPhone and iPad users. Analytics firm Mixpanel reports that about 91 percent of iOS users have iOS 7 or higher as of Tuesday.

Apple was made aware of the security hole by security researcher Andreas Kurtz. He works as a security researcher at NESO Security Labs in Germany, reported British newspaper The Daily Mail. He wrote about his discovery in a post on his blog in late April. He hacked Apple devices he had on hand that used iOS 7.0.4. Last month’s iOS 7.1.0 update did not fix the flaw either, he noted.