Apple plans to release a patch after the cybersecurity company ZecOps found vulnerabilities that may have allowed hackers to exploit iPhones, devices used by hundreds of millions of people.
San Francisco-based ZecOps discovered two “exploitable vulnerabilities” in Apple’s mail app and alerted the company, which released a beta update this month. The company confirmed that a full update is forthcoming to fix the bug.
The vulnerability can be exploited when a specially crafted email is opened on the mail app by an iPhone or an iPad, said Zuk Avraham, the founder and chief executive officer of ZecOps.
ZecOps has “high confidence” that the flaws may have been used in attacks conducted by “an advanced threat operator,” according to a Wednesday report by the company. Among the victims were “individuals from a Fortune 500 organization in North America” and “an executive from a carrier in Japan,” as well as “a journalist in Europe,” the report said.
The vulnerabilities may have been exploited by attackers since January 2018, according to ZecOps. The bugs were disclosed publicly when Apple issued the beta update, and attackers “will likely use the time until a patch is available to attack as many devices as possible,” ZecOps predicted in the report.
Users can protect themselves by applying the beta patch, or avoiding the mail app and temporarily switching to alternatives that aren’t vulnerable to the bugs, ZecOps said in the report.
More must-read tech coverage from Fortune:
—As businesses adapt to remote work, tech isn’t their biggest problem
—Thermal-imaging tech is on the rise. Can it help fight the coronavirus?
—More surveillance and less privacy will be the new normal after the coronavirus
—AMD CEO Lisa Su on supercomputing and leading a global company through a pandemic
—Listen to Leadership Next, a Fortune podcast examining the evolving role of CEO
—WATCH: Best earbuds in 2020: Apple AirPods Pro Vs. Sony WF-1000XM3
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.