Security researchers show how attackers targeting Airmail for Mac can get copies of all your e-mails

Versprite's security researchers have found a security flaw in Airmail for Mac that exposes private data, including account-wide e-mail databases. For the attack to work, you need to open a maliciously crafted e-mail and click the link in the message. It appears to be a big problem because it combines a technical exploit with a phishing attack.


You can read the vulnerability details on the Versprite blog. Essentially, the researchers noticed that Airmail registers custom URL schemes that can automatically send outgoing emails containing specific content and attachments.

They also discovered that the mail database where Airmail stores the e-mail messages for an account is located in a "deterministic" location on the file system. A malicious attacker can combine these two pieces of information.

An attacker can create a link that uses the Airmail URL scheme so that, when the recipient clicks it, Airmail sends a new email to the "hacker" with all of the user's mail messages attached.

There are some mitigations to consider, but this is still a pretty big security issue. First of all, the attacker must know that someone is using Airmail, and the recipient needs to click the link in the email sent to them for the attack to work. This particular attack will not work if the account name has been changed from the default. The researchers also identified a related vulnerability that would remove the need for user interaction completely, but could not get it to work reliably.

If this is exploited in the real world, the malicious link would probably be disguised inside a phishing email, for example as "Click here to see important messages …".
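For defenders, one check that follows from the attack described above is to flag e-mail links that hand off to a locally registered app instead of opening a web page. The Python sketch below is an added example, not code from Versprite or Airmail; the allowlist and the placeholder scheme `exampleapp` in the constructed sample message are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Schemes treated as ordinary links (an assumed allowlist; tune for your environment).
WEB_SCHEMES = {"http", "https", "mailto"}


class LinkAuditor(HTMLParser):
    """Collects (scheme, href, visible text) for every <a href> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # urlsplit lowercases the scheme, so "ExampleApp://" and "exampleapp://" match.
            scheme = urlsplit(self._href.strip()).scheme
            self.links.append((scheme, self._href, "".join(self._text).strip()))
            self._href = None


def custom_scheme_links(html_body):
    """Return links whose target would be handed to a locally registered app."""
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    # Relative links have an empty scheme and are not flagged.
    return [link for link in auditor.links if link[0] and link[0] not in WEB_SCHEMES]


# Constructed sample message; "exampleapp" is a placeholder scheme, not a real one.
SAMPLE = """
<p>Hello, <a href="https://example.com/news">read the newsletter</a></p>
<p><a href="ExampleApp://do-something?x=1">Click here to see important messages</a></p>
<p><a href="mailto:help@example.com">Contact us</a> or <a href="/relative">here</a></p>
"""
```

Calling `custom_scheme_links(SAMPLE)` returns only the second link, together with the innocuous-looking text it was hidden behind.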


