Security News > 2021 > April > Apple Mail Zero-Click Security Vulnerability Allows Email Snooping
A zero-click security vulnerability in Apple's macOS Mail would allow a cyberattacker to add or modify any arbitrary file inside Mail's sandbox environment, leading to a range of attack types.
According to Mikko Kenttälä, founder and CEO of SensorFu, exploitation of the bug could lead to unauthorized disclosure of sensitive information to a third party; the ability to modify a victim's Mail configuration, including mail redirects which enables takeover of victim's other accounts via password resets; and the ability to change the victim's configuration so that the attack can propagate to correspondents in a worm-like fashion.
"In the valid use case, if the user creates email and adds the folder as an attachment it will be automatically compressed with ZIP and x-mac-auto-archive=yes; is added to the MIME headers. When another Mail user receives this email, compressed attachment data is automatically uncompressed."
"The first.ZIP includes a symlink named Mail which points to victims' $HOME/Library/Mail and file 1.txt," said Kenttälä.
"The.ZIP gets uncompressed to $TMPDIR/com.apple.mail/bom/. Based on the filename=1.txt.zip header, 1.txt gets copied to the mail director and everything works as expected. However, cleanup is not done right way and the symlink is left in place."
"In my example case I wrote new Mail rules for the Mail application. With that you can add an auto forward rule to the victim's Mail application."
News URL
https://threatpost.com/apple-mail-zero-click-security-vulnerability/165238/
Related news
- Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability (source)
- Docker-OSX image used for security research hit by Apple DMCA takedown (source)
- Vulnerability allows Yubico security keys to be cloned (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
- Security measures fail to keep up with rising email attacks (source)
- Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers (source)
- Apple releases iOS 18, with security and privacy improvements (source)
- 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year (source)
- Apple's latest macOS release is breaking security software, network connections (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)