A security researcher has warned that Mailbox for iOS has a serious bug which, if exploited, allows arbitrary code execution, potentially leading to exposure of users’ personal data.
Michael Spagnuolo published his findings in a blog post stating that
The researcher notes that this vulnerability is dangerous because it can allow attackers to use “advanced spam techniques, tracking of user actions, hijacking the user by just opening an email, and, using an exploiting framework, potentially much worse things.”
In the video, Spagnuolo exploits the vulnerability in Mailbox for iOS to open very low-profile apps such as text messaging, the music app, and photos, but an attacker may be able to force the iOS device to execute highly malicious code, leading to exposure of personal data.
As of this writing, Mailbox for iOS is likely to be vulnerable to the flaw, as there has been no official word from Apple yet. Spagnuolo has gone ahead with a public disclosure directly, as Dropbox would have definitely heeded the warning and resolved the issues before it was made public. There is no official word on the number of active users of this app, but from the statistics linked with the app on the Apple App Store we do know that over 40,000 users have reviewed the app.
We recommend that our readers not use Mailbox for iOS until Dropbox either releases a fix or releases a new version of the app with the resolution.