Be the first to like this
Visit http://www.latestdigitals.com for the latest digital and technology news.
The flaw, which means an attacker could potentially run code from within the body of an email on the user’s phone, was discovered in Mailbox.app by independent security researcher, Michele Spagnuolo.
He also demonstrated in a video how this code can be used to open apps and send texts and emails.
Bad for security and privacy
In his blog, he said: “This is bad for security and privacy, because it allows advanced spam techniques, tracking of user actions, hijacking the user by just opening an email, and potentially much worse things, especially for jailbroken devices.”
While this may seem innocuous, Spagnuolo added in a comment on the tech blogging site Ars Technica that even though apps are protected from affecting the wider operating system (through a method known as ‘sandboxing’), this has been broken on more than one occasion, once where Mobile Safari was hacked to transmit the user’s SMS database to a remote server, and again when a website was launched that allowed users to remotely jailbreak their phones via a website.