Design/Logic Flaw

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the...

CVE-2018-15669

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not...

CVE-2018-15667

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use it...

CVE-2018-15670

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the...

Design/Logic Flaw

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not...

Command injection

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use it...

CVE-2018-15667

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use it...

CVE-2018-15668

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment" prefix designate attachment parameters. If the...

CVE-2018-15669

In Bloop Airmail 3.5.9 for macOS, the primary WebView policy function webView:decidePolicyForNavigationAction:request:frame:decisionListener: blacklists only requests from HTMLIFrameElements. Other HTMLFrameOwnerElements subclasses are not restricted, allowing an attacker to abuse HTML plug-in el...

CVE-2018-15670

Bloop Airmail 3.5.9 for macOS is affected. The primary WebView can trigger OpenURL by default during navigation handling, and a navigation request is accepted only when the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker could exploit HTML elements with an EventHandler to influence naviga...

Airmail 3 Exploit Instantly Steals Info from Apple Users

Severe vulnerabilities in the Airmail 3 software – an alternative to Apple Mail for MacOS – would allow a remote attacker to steal a user’s past emails and file attachments, in many cases without requiring user interaction beyond simply opening a weaponized message, researchers said. Security...