June 28, 2022
Mailbox App Allows HTML Emails to Execute Javascript [Video]

Mailbox App Allows HTML Emails to Execute Javascript [Video]

Posted September 25, 2013 at 9:25pm by iClarified · 16169 views
Security researcher Michele Spagnuolo has posted blog entry revealing that the Mailbox app executes any Javascript which is present in the body of HTML emails.

This is bad for security and privacy, because it allows advanced spam techniques, tracking of user actions, hijacking the user by just opening an email, and, using an exploitation framework, potentially much worse things. The app also loads external images without offering an option to disable this behavior.

A spokesperson for the app told Ars Technica that a patch will likely be available before the end of the day.

"As others have noted, the risks here are extremely limited thanks to the inter-app security built into iOS," representatives wrote in a statement. "That being said, we're working on an improvement to mail formatting that will mitigate the issue entirely and aim to ship it soon."

You can see a video demonstration below...

Read More [App Store]




Mailbox App Allows HTML Emails to Execute Javascript [Video]Mailbox App Allows HTML Emails to Execute Javascript [Video]Mailbox App Allows HTML Emails to Execute Javascript [Video]
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
You must login or register to add a comment...
Setiawan
Setiawan - September 26, 2013 at 12:46am
Yess jailbreak it
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
iPhone 13 Pro Repair Manual PDF [Download]
How to Add Widgets on iPhone [Video]
iPhone 13 Repair Manual PDF [Download]
iPhone 13 Pro Max Repair Manual PDF [Download]
Where to Download macOS Monterey
Deals. Save on Apple devices and accessories.
DEALS