Published: 03/07/2015 Updated: 22/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Mail in Apple iOS prior to 8.4 and OS X prior to 10.10.4 allows remote malicious users to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple iphone os
apple mac os x

iOS 8.3 Mail.app inject kit

iOS 83 Mailapp inject kit Back in January 2015 I stumbled upon a bug in iOS's mail client, resulting in <meta http-equiv=refresh> HTML tag in e-mail messages not being ignored This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message JavaScript is disabled in this UIWebView, but it is still possible to build a

CWE-254 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75491 http://www.securitytracker.com/id/1032760 https://nvd.nist.gov https://github.com/jankais3r/iOS-Mail.app-inject-kit

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-3710

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect