in 10.12 and 10.13.2 beta 6 Vulnerable to Mailsploit Exploit

Number:rdar://35880860 Date Originated:12/6/2017
Status:Closed as Dupe Resolved: Product Version:10.3 build 3273 and 11.2 build 3445.5.20
Classification:Security Reproducible:Yes
Please see here for full details: in both 10.12.6 (Version 10.3 / 3273) and 10.13.2 beta 6 (Version 11.2 / 3445.5.20) are vulnerable to spoofed sender messages as outlined above.

Steps to Reproduce:
Using the testing tool provided by the Mailspoit explanation site, send test messages. In either version of, check for delivery of messages.

Expected Results:
In properly patched client, the spoofed messages should be rejected and/or flagged as suspect.

Actual Results:
Test messages are received in the In Box without further warning

10.12.6 (16G1036) and Mail 10.3 build 3273
10.13.2 beta 6 (17C85a) and Mail Version 11.2 build 3445.5.20


Has been marked as a duplicate of 35716601

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!