Another Apple Security Failure (Apple Mail on the iPhone)

2013.11.12

Credit: Jeffrey Walton

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

My iPhone does not store sensitive information. Its a phone an music
player only. (I'm not sure it could save sensitive information if I
needed it, as the following demonstrates).
About 6 weeks ago, a colleague was having trouble adding an email
account to his iPhone and sending email. I allowed him to add his
account to my iPhone for testing. After testing, we deleted the
account.
My colleague was having trouble with Apple iPhone mail again this
week. This time, I added my account to the phone. I used my account
because he's remote and I don't want his password. Note: we use the
same incoming and outgoing email servers.
After running the setup wizard, my outgoing server was populated with
his email credentials - both username and password.
So much for deleting that username and password about 6 weeks ago.

References:

http://seclists.org/fulldisclosure/2013/Nov/79

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Another Apple Security Failure (Apple Mail on the iPhone)

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.