
Mailbox.app makes changes after security flaw


Visit http://www.latestdigitals.com for the latest digital and technology news.

A popular iOS application for managing Google Mail inboxes has disabled JavaScript from running within HTML emails after a security flaw was found.

The flaw, which means an attacker could potentially run code from within the body of an email on the user’s phone, was discovered in Mailbox.app by independent security researcher, Michele Spagnuolo.

He also demonstrated in a video how this code can be used to open apps and send texts and emails.

Bad for security and privacy

In his blog, he said: “This is bad for security and privacy, because it allows advanced spam techniques, tracking of user actions, hijacking the user by just opening an email, and potentially much worse things, especially for jailbroken devices.”

While this may seem innocuous, Spagnuolo added in a comment on the tech blogging site Ars Technica that even though apps are protected from affecting the wider operating system (through a method known as ‘sandboxing’), this protection has been broken on more than one occasion: once when Mobile Safari was hacked to transmit the user’s SMS database to a remote server, and again when a website was launched that allowed users to remotely jailbreak their phones.

Mailbox responds

Mailbox responded a few days later by issuing a fix on their servers which filters out JavaScript, and issued a statement via their blog: “Yesterday evening a security blogger raised concern about Mailbox running javascript within HTML email messages. As many have noted, the real risks presented by running javascript within Mailbox are extremely limited thanks to how iOS is designed.

“That being said, today we implemented a process that strips javascript from messages before delivering them to mobile devices. This feature is now live on Mailbox servers and filtering new mail. This will be particularly important as we develop for other platforms, where javascript vulnerabilities could be more of an issue.”
