Apple has downplayed the danger of a Mail bug disclosed recently by a security firm, according to a tweet from analyst Rene Ritchie. According to ZecOps, the app has a zero-day exploit that could let attackers infect your iOS device even if you don’t click on links or take other actions. Furthermore, ZecOps said it had evidence that attackers had attempted to use the flaw for at least two years against six or more potential targets around the world.

Apple's comment on the ZecOps claim of a Mail .app exploit (full text in image description):



TL;DR: "The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections." pic.twitter.com/hfE2xlzHUv — Rene Ritchie (@reneritchie) April 24, 2020

However, Apple told Ritchie that the issues discovered by ZecOps are “insufficient [alone] to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.” Apple added that “these issues do not pose an immediate risk to our users...these potential issues will be addressed in a software update soon.”