Apple prepping fix for iOS 7 mail attachment bug

Last week ZDNet's Larry Seltzer wrote about a bug in iOS 7 that left mail attachments unencrypted and thus vulnerable to potential hacks and other nefarious deeds. Today Apple acknowledged the bug and committed to fixing it.

Apple devices, including iPhone 3GS and later, include hardware encryption. Adding a passcode protects the hardware encryption keys on the device and adds "an additional layer of protection for your email messages attachments, and third-party applications." The bug, reported by Andreas Kurtz, means that iOS email attachments are stored unencrypted in certain instances:

    I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account1, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction