Mailbox App Allows HTML Emails to Execute Javascript [Video]

Mailbox App Allows HTML Emails to Execute Javascript [Video]

Posted by · 14273 views · Translate
Security researcher Michele Spagnuolo has posted blog entry revealing that the Mailbox app executes any Javascript which is present in the body of HTML emails.

This is bad for security and privacy, because it allows advanced spam techniques, tracking of user actions, hijacking the user by just opening an email, and, using an exploitation framework, potentially much worse things. The app also loads external images without offering an option to disable this behavior.

A spokesperson for the app told Ars Technica that a patch will likely be available before the end of the day.

"As others have noted, the risks here are extremely limited thanks to the inter-app security built into iOS," representatives wrote in a statement. "That being said, we're working on an improvement to mail formatting that will mitigate the issue entirely and aim to ship it soon."

You can see a video demonstration below...

Read More [App Store]




Mailbox App Allows HTML Emails to Execute Javascript [Video]Mailbox App Allows HTML Emails to Execute Javascript [Video]Mailbox App Allows HTML Emails to Execute Javascript [Video]
Setiawan - September 26, 2013 at 12:46am
Yess jailbreak it
Recent