VYPR
Unrated severity · NVD Advisory · Published Jul 3, 2015 · Updated May 6, 2026

CVE-2015-3710

Description

A crafted HTML email in Apple iOS before 8.4 and OS X before 10.10.4 can force a refresh that visits an arbitrary web site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Mail in Apple iOS before 8.4 and OS X before 10.10.4 contains a vulnerability that allows remote attackers to trigger a refresh operation via a crafted HTML e-mail message, causing a visit to an arbitrary web site. The affected versions are iOS 8.3 and earlier, and OS X Yosemite 10.10.3 and earlier [1][2].

Exploitation

An attacker can exploit this vulnerability by sending a specially crafted HTML e-mail message to a target user running a vulnerable version of Mail on iOS or OS X. The attacker only needs the ability to send an email; no other authentication or user interaction beyond opening the email is required. The crafted HTML triggers a refresh operation, leading the Mail application to load the attacker-controlled web page [1][2].

Impact

Successful exploitation forces the Mail application to visit an arbitrary web site determined by the attacker. This could be used for tracking, phishing, or other malicious purposes. The impact is a breach of confidentiality (disclosure of the fact that the user opened the email) and potential exposure to further attacks if the loaded web site exploits other vulnerabilities.

Mitigation

Apple fixed this vulnerability in iOS 8.4 and OS X Yosemite 10.10.4, released on June 30, 2015 [1][2]. Users should update to these or later versions. No workaround was provided for unpatched systems.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 5

References: 6
