iOS 16 ‘Mailjack’ bug causes Mail app to crash when receiving malicious emails: full details


An iOS 16 bug has reportedly caused the Mail app to crash on iPhone and iPad models that have been updated to the latest version of Apple’s operating system, rendering it inaccessible. The bug comes in the form of a routine-looking email message, which has an unusual sender field that includes extra characters that cause the Mail app to crash on iOS 16. The bug has been dubbed “Mailjack” and allows any stranger to lock iPhone and iPad users out of their email accounts with an edited email.

The email triggering the crash was identified by Equinux’s VPN Tracker. Typically, the “From” field contains the sender’s name followed by their email address, in the syntax From: [email protected]. However, the email triggering the crash had a “From” field with the syntax From: “”@example.com. Email services such as Gmail, Outlook, and Hotmail automatically rewrite these incoming emails with unusual syntax to prevent such triggers.

While Gmail and Yahoo have filters in place to completely block these maliciously crafted emails, Apple’s iCloud Mail does not appear to have such rewrite or filtering mechanisms in place, according to the report.

The current workaround to avoid the trigger is to delete the message from the inbox or spam folder using a device running an older version of iOS or through an external email client. Users can also choose to move the trigger email to another subfolder on an IMAP email account. However, navigating to the respective subfolder will cause the app to crash again, according to the website. Administrators can also choose to add the syntax “”@example.com to their list of emails blocked through email security software or firewalls.
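For administrators who filter at the mail gateway, the following added example (not code from the report or from Equinux) shows one way to flag messages whose sender header carries an empty quoted local part before they reach an iOS 16 device. It assumes the pattern appears on the wire with plain ASCII double quotes; the header list, function names and sample messages are hypothetical and constructed for illustration.

```python
import email
import re

# Assumption: the trigger is an address whose local part is an empty quoted
# string, i.e. ""@domain. Curly quotes are matched too, because the article
# prints the pattern that way.
EMPTY_LOCAL_PART = re.compile(r'(?:^|[\s<,:;])(?:""|\u201c\u201d)\s*@')

# The report concerns the From field; Sender and Reply-To are an added
# assumption, inspected here only as a precaution.
ADDRESS_HEADERS = ("From", "Sender", "Reply-To")


def suspicious_headers(raw_message):
    """Return [(header, value)] for address headers with an empty quoted local part."""
    # The default (compat32) policy returns raw header text without trying to
    # parse addresses, so a malformed From value cannot break the filter itself.
    msg = email.message_from_string(raw_message)
    hits = []
    for name in ADDRESS_HEADERS:
        for value in msg.get_all(name, []):
            unfolded = " ".join(str(value).split())  # undo header folding
            if EMPTY_LOCAL_PART.search(unfolded):
                hits.append((name, unfolded))
    return hits


def verdict(raw_message):
    """Gateway decision: hold the message if any sender header matches."""
    return "quarantine" if suspicious_headers(raw_message) else "deliver"


TAIL = "To: user@example.org\r\nSubject: hello\r\n\r\nbody\r\n"
# Constructed sample messages, not captured traffic.
SAMPLES = {
    "trigger": 'From: ""@example.com\r\n' + TAIL,
    "folded": 'From: Bob\r\n <""@example.com>\r\n' + TAIL,
    "normal": "From: Alice <alice@example.com>\r\n" + TAIL,
    # An empty display name is unusual but is not the pattern from the report.
    "empty_display_name": 'From: "" <alice@example.com>\r\n' + TAIL,
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:20} {verdict(raw):10} {suspicious_headers(raw)}")
```

Quarantining rather than rewriting keeps the original message available for review from a client that is not affected.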

Equinux VPN Tracker has created a dedicated web page where users can test the bug trigger by entering their email address. However, users are advised not to try this as it may prevent them from accessing their emails unless they have access to an older iOS or external email client to delete the trigger message.

