![]() If the victim clicks to view the weaponized message within Airmail 3, the exploit is triggered and the database containing the victim’s email messages is automatically sent to the attacker. Worse, the research team also found out they were also able to bypass Airmail’s HTML filters part of the time, to trigger the exploit instantly. Other elements could also be embedded in the attack email that will cause Airmail 3 to attach files to that outgoing message – such as previously sent emails. Unbeknownst to the user, if clicked, this link opens up and sends a new email message from the victim account to the attacker. An attacker would simply send an email to an Airmail 3 user containing a link with a URL request that triggers the “send mail” function of the application. ![]() Security analysts at VerSprite said that they discovered that URL requests processed by Airmail 3 can be abused to steal files from the victim, while requiring little skill to do so. Severe vulnerabilities in the Airmail 3 software – an alternative to Apple Mail for MacOS – would allow a remote attacker to steal a user’s past emails and file attachments, in many cases without requiring user interaction beyond simply opening a weaponized message, researchers said.
0 Comments
Leave a Reply. |