Airmail 3 for Mac Advisory:EventHandler Race Condition: CVE-2018-15670

Home | Research | Resources | Advisories | Airmail 3 for Mac

Airmail 3 for Mac

EventHandler Race Condition

CVE ID

CVE-2018-15670

VENDOR

Bloop S.R.L.

PRODUCT

Airmail 3 for Mac

Product version

3.5.9

Vulnerability Details

Airmail's primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that "OpenURL" is the default URL handler. A navigation request is processed by the default URL handler only if the "currentEvent" is "NX_LMOUSEUP" or "NX_OMOUSEUP". An attacker may abuse HTML Elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the "NX_LMOUSEUP" event triggered by clicking an email.

Learn More →

Vendor response

No response.

Disclosure timeline

08-06-2018 - Vendor disclosure via email
08-13-2018 - Vendor notified via Support Page
08-21-2018 - Vendor notified of the advisory release

What is PASTA Threat Modeling?

Blog Post

Threat Intelligence

PASTA threat modeling is a leading threat model methodology that allows you to realize an attacker’s motivations, perform risk analysis, and prioritize risks based on their business impact. This article breaks down all seven stages of the process.

DevSecOps: Automating Security Testing in a CI/CD Pipeline

Blog Post

Continuous Integration & Continuous Delivery (CI/CD)

In this tutorial, VerSprite’s DevOps team walks you through how to automate SAST into your CI/CD pipeline

Companies Using VMware ESXi Are Being Targeted by Ransomware

Blog Post

Web Application Security

Companies using VMware ESXi are being targeted by ransomware-as-a-service, resulting in encrypted virtual hard drives. Learn the business impact of this attack and get mitigation recommendations from VerSprite’s Threat Intelligence Group.

We are an international squad of professionals working as one.

[email protected]