October 13, 2024
Mailbox App Allows HTML Emails to Execute Javascript [Video]

Mailbox App Allows HTML Emails to Execute Javascript [Video]

Posted September 25, 2013 at 9:25pm by iClarified
Security researcher Michele Spagnuolo has posted blog entry revealing that the Mailbox app executes any Javascript which is present in the body of HTML emails.

This is bad for security and privacy, because it allows advanced spam techniques, tracking of user actions, hijacking the user by just opening an email, and, using an exploitation framework, potentially much worse things. The app also loads external images without offering an option to disable this behavior.

A spokesperson for the app told Ars Technica that a patch will likely be available before the end of the day.


"As others have noted, the risks here are extremely limited thanks to the inter-app security built into iOS," representatives wrote in a statement. "That being said, we're working on an improvement to mail formatting that will mitigate the issue entirely and aim to ship it soon."

You can see a video demonstration below...

Read More [App Store]





Mailbox App Allows HTML Emails to Execute Javascript [Video]Mailbox App Allows HTML Emails to Execute Javascript [Video]Mailbox App Allows HTML Emails to Execute Javascript [Video]
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (1)
You must login or register to add a comment...
Setiawan
Setiawan - September 26, 2013 at 12:46am
Yess jailbreak it
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Ventura
Where to Download iPod touch Firmware Files From
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS