Full Disclosure mailing list archives

Re: Another Apple Security Failure (Apple Mail on the iPhone)....

From: Caspian Kilkelly <caspian () random-interrupt org>
Date: Fri, 15 Nov 2013 00:23:33 -0500


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What version of IOS was this? I'm looking into something similar on
other apple platforms, but it doesn't seem consistently repeatable.

On 13-11-11 6:41 PM, Jeffrey Walton wrote:

My iPhone does not store sensitive information. Its a phone an music
player only. (I'm not sure it could save sensitive information if I
needed it, as the following demonstrates).

About 6 weeks ago, a colleague was having trouble adding an email
account to his iPhone and sending email. I allowed him to add his
account to my iPhone for testing. After testing, we deleted the
account.

My colleague was having trouble with Apple iPhone mail again this
week. This time, I added my account to the phone. I used my account
because he's remote and I don't want his password. Note: we use the
same incoming and outgoing email servers.

After running the setup wizard, my outgoing server was populated with
his email credentials - both username and password.

So much for deleting that username and password about 6 weeks ago.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



- -- 
Caspian Kilkelly
CISSP/CSM
+1.514.577.6311
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSha/VAAoJEFQr1oY0cT5NJd4IAJqPrfCUCQUjPd+QipbFo5/H
ErUHM6kQe8A84tSvl88+lbGk5sCzJi7QVLodWk8RZgssrAOnORvBOreNwFU+UVwt
Twnm7KfmMPsSVV/36WtflE69u098Rs+dIRCKqGo9IYKyTBVI7e8bzdYr5DAniW+Z
8iF5eYZX/YwnYTFQgo31eSzzMKInZ1TNEPmj1jaD0qdRge95yJOzeG8lWSQqZAB8
LFlPzKexAp+ESrZwmQjegP9GjtD1caL5FvGq1nlmWCmFAtPe9tQpIiefw+mvK2Fc
cNO/XgxFofn+2wCzncKpSMQAuifqhSlSOXFi0G7cb9Wiop52XTkmMmV7L2NXpCo=
=YzRt
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Another Apple Security Failure (Apple Mail on the iPhone).... Jeffrey Walton (Nov 11)
- Re: Another Apple Security Failure (Apple Mail on the iPhone).... Caspian Kilkelly (Nov 14)
  - Re: Another Apple Security Failure (Apple Mail on the iPhone).... Jeffrey Walton (Nov 14)