Canary Mail and MailCore2 library missing certificate validation check on IMAP STARTTLS

CENSUS ID:

Canary Mail for iOS and MacOS versions 3.20 and 3.21, MailCore2 library version 0.6.4

Improper Certificate Validation (CWE-295)

Canary Mail is an exciting new email client for Mac that's designed to be simple and elegant. Because most sensitive information is communicated over email, Canary Mail included end-to-end encryption.

CENSUS performed a functional security test on a number of mail clients, looking for possible vulnerabilities related to man-in-the-middle attacks. While testing Canary Mail with the IMAP STARTTLS setting, CENSUS found that the iOS and MacOS versions of the software would happily connect to a fake IMAP service introduced.

CENSUS identified that the Canary Mail software in versions 3.20 and 3.21 (and possibly previous versions) is missing a certificate validation check when performing an IMAP connection configured with STARTTLS. This vulnerability allows man-in-the-middle attackers to collect a victim user's email credentials (while these are communicated to the IMAP service), to access email messages and perform other IMAP actions on the victim account, and also to modify email messages while in transit to Canary Mail.

The same vulnerability also affects other software based on the MailCore2 library (including version 0.6.4). A patch for the library is publicly available; however, it has not yet been incorporated into an official library release.

CENSUS strongly recommends that iOS and MacOS users of the Canary Mail software update to version 3.22, as this version carries a fix for the aforementioned vulnerability.