Airmail has just released an update that patches a known security vulnerability in the e-mailing service. Security analysts recently discovered that the client was vulnerable to exploits that could allow unauthorized outside parties to access and read sent and received emails in the context of a victim user. The patch closes the vulnerable channels that could have been exploited to gain such access.
Airmail is Apple’s version of Windows Mail. It is essentially a “lightning fast” emailing client for iPhone and Mac OS X devices, with support for iOS 11 and Mac OS High Sierra. The application is designed to be the primary portal for the iCloud email domain name. It also supports other domains such as Hotmail, Gmail, and AOL, which can be hosted as additional inboxes.
According to a blog post by Versprite, an information technology security analytics firm, the latest version of the client, Airmail 3, relies on two things to manage the emailing service: the first is a custom URL scheme and the second is the email’s store point location. As explained by the minds at Versprite, if a malicious attacker manages to get hold of these two pieces of information, they could use a URL-scheme-based phishing mechanism to retrieve any and all email conversations of a particular Airmail user.
Although this exploit is considered heavily theoretical, as it has not yet been seen in real-world execution, Apple has rolled out version 3.6 of its Airmail e-mailing client to resolve this potential URL scheme vulnerability. The update is expected to roll out and install automatically on Apple devices over the next few days as part of regular main frame updates. If you wish to update your application immediately, the updated version is available for download and installation on the App Store as well as on the application’s website.