But Spagnuolo, on his own blog, claims that he quickly found a way to bypass Mailbox’s filtering:
Although we haven’t seen any reports of criminals exploiting this vulnerability, it’s clearly something that needs to be patched as quickly as possible.
While we’re waiting for Mailbox, now owned by Dropbox, to develop an update and fast-track it through Apple’s vetting to public release in the App Store, we should all be grateful that Spagnuolo hasn’t published details of how to bypass the rudimentary protection Mailbox put in place.
“We’re working on it!”
Meanwhile, it has also been confirmed that Spagnuolo wasn’t the only researcher to alert Mailbox about the security vulnerability.
Their response? “We’re working on it!”
“We’re working on it”? Hmm. That was at the end of May…
This is how it works these times (and tbh, always has): as long as it's not a problem (not really encountered "in the wild"), vendors won't care if there's a problem with their code. This, however, does not apply to every company – luckily.