A new bug in iOS 16 has been revealed that causes the Mail app to flashback simply by sending an email containing a special text string.
The bug was discovered by Equinux, a company that discovered the vulnerability in iOS 16 while analyzing spam emails. The company says that many people on the team were experiencing a crashing issue with the iOS Mail app, which manifested itself as an immediate flashback when the app was launched.
Their research revealed that their team had all received the same spam email, which at first glance appeared to be an ordinary HTML email. However, a quick look at the email header showed that the spammer had done something in the “From” field.
Typically, the “From” field in an email looks like this.
"From: [email protected] "
But the spam email had a few extra characters in the “From” field that caused the Mail app to crash.
According to Equinux, this means that “anyone can send an email to any iOS 16 user that can crash their mail app. They have created a form field on their website that can be used to test for this bug, which they call “Mailjack”.
Mailjack can affect the Mail app on any device running iOS 16 (stable), iOS 16.0.1 on iPhone 14, and the latest iPadOS 16 beta, though some mail services, including Gmail, Outlook, and Hotmail, will rewrite incoming messages to prevent something like this from happening.
In addition, Gmail and Yahoo block these malicious emails entirely, but not iCloud Mail, Apple’s own mail service.
The email may also be classified as “spam” in the inbox, and if so, the Mail app will only crash every time the spam inbox is viewed, which is a little better than if the email appears in the main inbox.
Currently, the solution to this problem is to remove the spam from the account on devices that are not running iOS 16 or through a different mail client.
Apple has not yet responded to this.