Major Vulnerability for iOS with Mailbox.app

Mailbox.app is an email application for iOS devices that was recently acquired by Dropbox less than a month after it launched.

According to this blog post by Miki Spag, Mailbox.app will execute any JavaScript included in the body of an email. Spag writes that this vulnerability “allows advanced spam techniques, tracking of user actions, hijacking the user by just opening an email, and, using an exploiting framework, potentially much worse things.”

In the video below, Spag demonstrates how simple it is to execute JavaScript code from within the app.

Mailbox is currently available only for iOS and works only with Gmail; it is designed to help users achieve “Zero Inbox.”

Until Mailbox's developers patch this substantial vulnerability, Roboscan recommends that iOS users default to the native Mail app or to Gmail’s iOS app.

Tumblr App Vulnerability Compromises Users' Passwords

According to a post on Tumblr’s staff blog, a significant vulnerability exposed many users' login information or put it at risk. Tumblr has over 300 million monthly unique visitors.

The accounts at risk are those that have been used with the iPad or iOS application, and Tumblr is urging these users to download the security update. The popular micro-blogging site is also asking users to change their Tumblr password immediately, as well as the password on any other accounts where they use the same one.

Tumblr offers a brief apology to its users, saying, “Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience.”

Visit the App Store on your iOS device to update your Tumblr app immediately, and visit the desktop site to change your password.