According to security researchers this vulnerability is being actively exploited since January 2018.
Vulnerability details
Advisory: SB2020042245 - Remote code execution in Apple iOS
Vulnerable component: Apple iOS
CVE-ID:
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C
CWE-ID: CWE-787 - Out-of-bounds write
Description:
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing email in the iOS MobileMail. A remote attacker can send a specially crafted email message, trigger an out-of-bounds write and execute arbitrary code on the target system. No user interaction is required to execute arbitrary code.
Note, this vulnerability is being actively exploited in the wild.
External links:
https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/