Living in an online society means you’re at risk daily at being a victim of a hack attack, it seems that every few days we hear stories of a new hack on a company meaning our personal data is compromised. Today a security researcher Sabri Haddouche has discovered a collection of vulnerabilities that are affecting more than 30 popular email client software which can be exploited by an attacker to send spoofed messages bypassing anti-spoofing systems.
Spoofing an email means an attacker modifies email headers and send an email with the forged sender address to trick recipients into opening the message believing they are receiving it from a trusted source.
Dubbed MailSploit, the list of vulnerable clients includes Apple Mail (macOS, iOS, and watchOS), Mozilla Thunderbird, several Microsoft email clients, Yahoo Mail, ProtonMail, and others. Worryingly all versions of Apple mail including watch
Thankfully some of these have been fixed which are listed below
- Hushmail WEB
- Openmailbox.org WEB
- Open Xchange (Mailbox.org, Namecheap Private Email…) WEB
- ProtonMail WEB
- Yahoo! Mail (new interface in beta) WEB
- Intercom WEB
- ProtonMail ANDROID & iOS
- Yahoo! Mail ANDROID & iOS
For the full list of those affected and those who are not you can view here.