Mailicious: iOS 16 Mail App May Crash When Receiving a Tailored Email

avatar-user Nick Howard 2022-10-05
blog image

It’s never okay with the first release of any OS, and iOS is no exception. The vulnerability in the new mobile OS by Apple is this time in the mail app. The bug causes it to crash after receiving a specially tailored email which contains extra characters in the “from” field. The Cupertino company hasn’t addressed the bug yet.

This bug, already dubbed “Mailjack”, has been reported by various sources. This can be misused, because with these emails an iPhone or iPad user can be just forced out of using their email account if they can’t access it any other way.

After the initial release, Apple has also released the 16.0.2 patch which addresses some notorious issues, like camera vibration, copy-and-paste permissions required every time you try to paste between apps, or VoiceOver unavailability after rebooting. The mail app issue, though, was not mentioned in the release notes. So, we’ll have to wait for another patch that fixes this problem (and maybe some others that most of us haven’t encountered).

But while Apple is still working on it (hopefully), mail services are already solving it in their own way. Outlook, Hotmail, Gmail, and Yahoo all rewrite these unconditional “from” fields to prevent the bug from taking the effect. The only popular mail service that hasn’t reacted yet is strangely the iCloud Mail, which was supposed to make the first move.

Until the patch arrives, there is only one way to prevent these messages from doing their malicious work. If you have any other device or even an iPhone with iOS 15 or earlier, you better use it for checking your mail and deleting the potentially harmful messages. You can also install a third-party mail client on your iPhone (Outlook, Edison Mail, or Unibox, for example) which isn’t vulnerable to this.

Have you encountered this bug on your iPhone? How did you handle it? Did you manage to access your mail after this? Share your experience with us in the comments please!

Latest posts

See more