A patch for the library is publicly available, however this has not been incorporated yet into an official library release. It is used by many applications (the project page mentions 20+ mail applications). MailCore2 is a library with a C++ core for handling email-related protocols that supports builds on iOS, OS X, Android, Windows and Linux. The app is filled with productivity features like Read-Notifications, One-Click Unsubscribe, Snooze. Canary Mail carries a modified version of the MailCore2 library. The same vulnerability also affects other software that are based on the MailCore2 library (including version 0.6.4). You can access all your Gmail, iCloud, Office365, Yahoo, and more accounts with Canary. Canary Mail is an exciting new email client for Mac that offers a full set of powerful features with one key difference - your emails are not stored on a. CENSUS strongly recommends to iOS and MacOS users of the Canary Mail software to update to version 3.22, as this version carries a fix for the aforementioned vulnerability. ![]() And it's ready to deploy for you & your organization. Click Finder on the Dock, and then click Applications on the left. This vulnerability allows man-in-the-middle attackers to collect a victim user's email credentials (while these are communicated to the IMAP service), to access email messages and perform other IMAP actions to the victim account, but also to modify email messages while in-transit to Canary Mail. Start using Canary for free Canary is simple. Traditional option remove the application to the Trash Close the application on the Mac. Improper Certificate Validation ( CWE-295)ĬENSUS identified that the Canary Mail software in versions 3.20 and 3.21 (and possibly previous versions) is missing a certificate validation check when performing an IMAP connection configured with STARTTLS. Canary Mail and MailCore2 library missing certificate validation check on IMAP STARTTLS CENSUS ID:Ĭanary Mail for iOS and MacOS versions 3.20 and 3.21, MailCore2 library version 0.6.4
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |