Security Flaw in Airmail 3 for Mac Could Allow Attackers to Gain Access to Your Old Emails

Airmail 3

A shocking new vulnerability has been spotted on Airmail 3. Revealed by security firm VerSprite, this glitch allows attackers to systematically target a particular email address and get access to previously sent emails as well as attachments.

Update: The developers behind Airmail 3 for Mac, have issued a software update to address this particular issue, effectively patching the security flaw. The update is version 3.6 and it is rolling out into the Mac App Store Now.

The original article continues below.

This is possible due to a combination of factors, but mostly because Airmail uses a custom URL scheme which can send outbound emails and attachments on its own without human interaction. The research team also pointed out that Airmail 3 stores all the emails in a pretty prominent location, thus making it easier for the attacker to target a particular email address.

An attacker then, for example, can create a clickable link that matches Airmail’s custom URL scheme. If the victim interacts with this email, all the older messages are then sent over to the hacker almost instantly.

There are some caveats to this vulnerability, however. Firstly, the exploit is dependent on human interaction, so it cannot operate on its own.

There have been attempts to make a completely autonomous exploit that would allow Airmail 3 to send all older emails without the user opening the email or interacting in any way, although the app doesn’t appear to be susceptible to that as of yet. Users who have renamed their account from the default name are also safe from this particular glitch.

The idea here is to inform the makers of Airmail 3 about the security risks that could arise with a bug like this. Given that this is a 3rd party mail application, the concerns will be understandably severe. However, the exploit was only found on the macOS client of Airmail 3, while the iOS client appears to be immune as of now.

[Via VerSprite]