An Apple Mail bug in iOS 16 means that an incoming email with a specifically crafted "From" field can lock users out of the app, but there is a solution.
Apple Mail has seen sporadic bugs before, such as syncing problems in 2021. But now, the latest version has been found to be susceptible to maliciously crafted spam.
According to VPN Tracker, this serious flaw affects any iOS 16 device. After multiple staff members at the company were seeing Mail crashing immediately on launch, its engineers discovered the flaw.
"It turns out the team had all received the same spam message," reports the company in a blog posting. "Looking at the raw source of the message didn't immediately reveal any red flags — it was a pretty basic HTML email."
"However, a look at the mail headers showed that the spammers had done something unusual in the 'from' field," it continues. Instead of a regular email address in the from field, the initial part of the address was replaced by two double quotes.
So instead of [email protected], the message said it was from ""@example.com.
VPN Tracker notes that what it calls the #MailJack bug is still present in the beta releases of iOS 16.1, and also iPadOS 16.1 The company has filed a report with Apple and recommends that emails formatted like this should be blocked.
"The good news is there's an easy way to stop the crash, provided you have alternative access to your email account (not using iOS 16!)," says the company.
- Open Apple Mail on another device, or online via icloud.com
- Delete the spam email
This makes Mail write to its email database. As soon as it does this, it unlocks the disabled Mail app..
This flaw is specifically for Apple Mail on iOS 16 and iPadOS 16. It does not appear to affect Mail on the Mac. Gmail and Yahoo appear to be filtering the messages out.