Survey Shows Majority of Companies Are Vulnerable to BYOD Risks Did you know that the Mailbox iPhone app had a serious security flaw? I first heard about it when I logged on to my email this morning, and found this note from Kevin O’Brien, enterprise solution architect at CloudLock: An Italian software engineer revealed that […]
Survey Shows Majority of Companies Are Vulnerable to BYOD Risks
Did you know that the Mailbox iPhone app had a serious security flaw?
I first heard about it when I logged on to my email this morning, and found this note from Kevin O’Brien, enterprise solution architect at CloudLock:
An Italian software engineer revealed that a significant security flaw exists in the popular Mailbox application that many users of iOS devices rely on for mail access. The report that was released demonstrated that maliciously formed emails received by end-users of the incredibly popular Mailbox app can be used to execute arbitrary code, exposing both the device and the account associated with it to a wide range of potential risks, including the complete compromise of any sensitive data stored within them.
No, I hadn’t heard that, so I went to investigate a little further. Security expert Graham Cluley posted this on his blog:
Italian security researcher Michele Spagnuolo – who has previously found security flaws in Google, eBay, MailChimp and Yahoo – discovered that the Mailbox app will execute any Javascript which is present in the body of HTML emails. The makers of the Mailbox app have been aware of the security vulnerability since the end of May 2013, but the vulnerability is still there.
The blog was published late yesterday afternoon. Other articles I saw as I investigated the story added an update: The problem has been fixed. At first glance, it’s easy to be impressed. Problem was made public yesterday; problem fixed in a matter of hours. But then you take a second look at what Cluley wrote – that Mailbox, which is owned by Dropbox, has been aware of the vulnerability for several months. In fact, Infosecurity shared a Twitter exchange from May, where a Twitter user reported the Javascript problem and Mailbox responded with “We’re working on it!”
This story is a good reminder that most vulnerabilities and security flaws are a problem long before the news reaches the general public, and it may be that negative publicity that spurs the software developers to provide a fix.
Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
