Mail.app in 10.12 and 10.13.2 beta 6 Vulnerable to Mailsploit Exploit
Originator: broccardo
Number: rdar://35880860
Date Originated: 12/6/2017
Status: Closed as Dupe
Resolved:
Product: Mail.app
Product Version: 10.3 build 3273 and 11.2 build 3445.5.20
Classification: Security
Reproducible: Yes
Summary:
Please see here for full details: https://www.mailsploit.com/index
Mail.app in both 10.12.6 (Version 10.3 / 3273) and 10.13.2 beta 6 (Version 11.2 / 3445.5.20) is vulnerable to spoofed sender messages as outlined above.

Steps to Reproduce:
Using the testing tool provided by the Mailsploit explanation site, send test messages. In either version of Mail.app, check for delivery of messages.

Expected Results:
In a properly patched client, the spoofed messages should be rejected and/or flagged as suspect.

Actual Results:
Test messages are received in the In Box without further warning.

Version/Build:
10.12.6 (16G1036) and Mail 10.3 build 3273
10.13.2 beta 6 (17C85a) and Mail Version 11.2 build 3445.5.20
Comments
Has been marked as a duplicate of 35716601