The issue may be present if you receive a mail message that you suspect is malicious and also receive a confirmation that the message was validated. A malicious user may be able to send an unsuspecting user a message that appears validated. The issue occurs when a maliciously crafted message is received by a user running an older version of the Mail app. On iOS 12 or an earlier version, the malicious message will be validated. With an older version of the Mail app, the message may be validated even if it is not validated by another app. This issue was addressed with improved warnings when receiving a message that was validated by another app. A maliciously crafted message may be validated even though it is determined to be malicious.

CVE-2023-22590

The issue may be present if you receive a mail message that you suspect is malicious and also receive a confirmation that the message was validated. A malicious user may be able to send an unsuspecting user a message that appears validated. The issue occurs when a maliciously crafted message is received by a user running an older version of iOS. On iOS 12 or an earlier version, the malicious message will be validated. With an older version of iOS or an earlier version of the Mail app, the message may be validated even if it is not validated by another app. This issue was addressed with improved warnings when receiving a message that was validated by another app. A maliciously crafted message may be validated even though it is determined to be malicious.

Vetting:

How to Detect a Malicious Mail Message

Vetting is the process by which a user checks the legitimacy of an email message or webpage, using various resources, before opening it. For example, if you receive an email, you might decide not to open it because it looks suspicious.

To vet your messages and protect against malicious ones, you need to have your browser firewall on and use the latest version of iOS. To vet more carefully, you can also create a security question and answer between you and your device so that if someone sends a malicious link in an email, they will not be able to get into your device. If this happens, iOS will alert the user.

Vulnerability discovered by Adriano Borges de Castro

Vulnerability in Messages for iOS: A maliciously crafted message that appears validated will be validated even if it is not validated by another app.

Vulnerability Discovery

CVE-2022-22589 is a vulnerability in the Mail app for iOS. The issue may occur when a maliciously crafted message is received and validated by other apps.

Timeline

Published on: 03/18/2022 18:15:00 UTC
Last modified on: 05/26/2022 06:15:00 UTC

References