Rule History

alert smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible iOS MobileMail OOB Write/Heap Overflow Exploit Email (Inbound)"; flow:established,to_server; pcre:"/(?:\x0a|\\n)\/s1Caa6/"; content:"J1Ls9RWH"; fast_pattern; reference:url,blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/; classtype:attempted-admin; sid:2030009; rev:1; metadata:attack_target Mobile_Client, created_at 2020_04_23, deployment Perimeter, confidence Medium, signature_severity Major, updated_at 2020_04_23;)