Apple has since responded to the claims where in a tweet by Rene Ritchie, the company seems to be downplaying the severity of the vulnerability, and also claiming that to date, they have not discovered any evidence to suggest that the vulnerability was exploited and that customers had been affected by it.
According to Apple, “We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.”
Apple's comment on the ZecOps claim of a Mail .app exploit (full text in image description):
TL;DR: "The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections." pic.twitter.com/hfE2xlzHUv
— Rene Ritchie (@reneritchie) April 24, 2020
It should be noted that Apple was notified of the issue several months ago and worked with the researchers to fix it. The fix has yet to be released, but it is expected to come in an upcoming iOS update, so do keep an eye out for it when it is eventually released.