14 DAY TRIAL // Apple has confirmed to the press that it is working on the next iOS update with plans to include a patch for the email attachment vulnerability discovered and reported by Andreas Kurtz. Developer Ryan Petrich decided he wouldn’t wait for iOS 7.1.2 to arrive with said patch, so he created one of his own and is now offering it to everyone else through Cydia.
A well-known figure in the jailbreak scene, Ryan Petrich is not at his first Cydia tweak, and likely not at his last either.
After hearing the news about Andreas Kurtz’s discovery, he decided to develop his own mail attachment patch. Dubbed “AttachmentEncryptor.” The minute 72KB jailbreak tweak is accessible through the developer’s own repository (rpetrich repo) and requires a jailbroken device.
The description of AttachmentEncryptor states, “Fix for iOS 7 mail attachment encryption bug discovered by Andreas Kurtz.” The tweak works under-the-hood and doesn’t place an icon on the user’s Home screen, nor does it add any extra options to the Settings pane.
If you’re wondering just how serious the flaw in question really is, don’t sweat it. It’s not. It’s about as bad as not setting a passcode lock on your device, just to give you an idea.
In an interview with Softpedia, security company Malwarebytes’ intelligence analyst Christopher Boyd said, “It's hard to take advantage of and you can't really rummage through someone's email attachments easily without the phone physically being in your hand.”
“Owners of Apple devices should use lockscreen passwords in case of theft, and use other secure apps until Apple has resolved the situation,” he noted, adding that “the attacker needs to have your phone in their hands and if that's happened and the phone has no password then at that point you may have bigger problems than a few unencrypted attachments.”
Still, it can’t hurt to be extra safe these days, and if you’re carrying around a jailbroken unit with 72KB to spare, you might as well download and install Ryan Petrich’s AttachmentEncryptor and give the guy a thumbs up on Twitter or something while you’re at it.
Although Apple has bigger fish to fry, the reality is the company has never rushed to deliver security patches, regardless of their severity. So if you’re waiting anxiously for iOS 7.1.2 to arrive just to be able to send photos through email without fear of someone intercepting your data, don’t.