Cybersecurity firm ZecOps told Reuters that it found evidence the vulnerability was exploited in at least six cybersecurity break-ins.
Apple had earlier disputed Avraham's evidence that the hack had been used against users
Apple said on Thursday it has found "no evidence" a flaw in its email app for iPhones and iPads has been used against customers, and that it believes the flaw does "not pose an immediate risk to our users". San Francisco-based cybersecurity firm ZecOps on Wednesday detailed a flaw that it said may have left more than half a billion iPhones vulnerable to hackers.
Zuk Avraham, ZecOps' chief executive, had said that he has found evidence that the vulnerability was exploited in at least six cybersecurity break-ins.
Avraham said he found evidence that an attacker was taking advantage of the vulnerability as far back as January 2018, but that he could not determine who the hackers were.
Reuters was unable to independently verify his claim.
Apple on Wednesday acknowledged the vulnerability existed in its software for email on iPhones and iPads, known as the Mail app, and said the company had developed a fix that will be introduced in a forthcoming update to millions of devices it has sold globally.
On Thursday, Apple disputed Avraham's evidence that the hack had been used against users.
"We have thoroughly investigated the researcher's report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users," Apple said in a statement. "The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers."
In response to Apple's statement, ZecOps said it found evidence of related hacks against "a few organizations" and that it would share additional technical information once Apple released its software update to the public.
© Thomson Reuters 2020
Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.