Apple says it provides “an additional layer of protection for your email messages attachments, and third-party applications.” This isn’t true, according to security researcher Andreas Kurtz.

In iOS 7, iOS 7.0.4, iOS 7.1, and iOS 7.1.1, Kurtz found that email attachments are not encrypted. He also found that the protected data feature in iOS 7 doesn’t work with those same attachments, although it does with other functions.

He notes:

I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account1, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction:

Kurtz says that Apple is aware of these issues and has promised a fix.

I have no doubt Apple will fix this issue promptly. Still, shouldn’t this type of issue have been resolved many years ago?

Via: 9to5Mac