Skip to main content

Airmail 3 Exploit Instantly Steals Info from Apple Users

posted onAugust 21, 2018
by l33tdawg
Threat Post
Credit: Threat Post

Severe vulnerabilities in the Airmail 3 software – an alternative to Apple Mail for MacOS – would allow a remote attacker to steal a user’s past emails and file attachments, in many cases without requiring user interaction beyond simply opening a weaponized message.

Researchers at VerSprite discovered that URL requests processed by Airmail 3 can be abused to steal files from the victim, while requiring little skill to do so. An attacker would simply send an email to an Airmail 3 user containing a link with a URL request that triggers the “send mail” function of the application. Unbeknownst to the user, if clicked, this link opens up and sends a new email message from the victim account to the attacker. Other elements could also be embedded in the attack email that will cause Airmail 3 to attach files to that outgoing message – such as previously sent emails.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th