CVE-2018-15667
CVE-2018-15667 concerns Bloop Airmail 3.5.9 on macOS, where the airmail:// URL scheme’s “send” command lets an external app send arbitrary emails from an active account without authentication. The URL handler imposes no restriction on callers and can be invoked via hyperlinks or other URL invocat...