Highlights and Updates

Apple Mail Zero-Click Security Vulnerability Allows Email Snooping

Tuesday, 6th April 2021

CVE-2020-9922 can be triggered just by sending a target an email with two .ZIP files attached.

A zero-click security vulnerability in Apple’s macOS Mail would allow a cyber attacker to add or modify any arbitrary file inside Mail’s sandbox environment, leading to a range of attack types.

CVE-2020-9922 is rated 6.5 on the CVSS vulnerability-severity scale, making it medium-severity, but the researcher stressed that successful exploitation could “lead to many bad things.”