Mailbox iPhone app vulnerabilty executes any Javascript from HTML body

By   ISBuzz Team
Writer , Information Security Buzz | Sep 29, 2013 10:06 pm PST

Italian Researcher Michele Spagnuolo recently revealed a serious vulnerability in the popular Mailbox iPhone app.

Mailbox is a tidy iOS the email app recently purchased by Dropbox, has a pretty wide-open hole that could allow bad actors to hijack your device.

The flaw occurs in the latest version of Mailbox (1.6.2) currently available from the App Store, that executes any Javascript which is present in the body of HTML emails.

With exploitation of this vulnerability, users could be subject to account hijacking, spam and phishing attacks by simply opening an HTML email containing embedded javascript.


Recent Posts