PT-2018-13128 · Bloop · Bloop Airmail 3

Published: 2018-08-21 · Updated: 2020-08-24 · CVE-2018-15667

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Bloop Airmail 3 version 3.5.9

Description

An issue in Bloop Airmail 3 allows external applications to send arbitrary emails from an active account without authentication, using the airmail:// URL scheme. The send command in this scheme can be invoked by any method, such as a hyperlink in an email, and processes the command without prompting the user, leading to automatic transmission of attacker-crafted emails.

Recommendations

For Bloop Airmail 3 version 3.5.9, consider disabling the airmail:// URL scheme handler until a patch is available to prevent unauthorized email sending. Restrict access to the send command in the URL scheme to minimize the risk of exploitation.
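
A gateway-side check for the hyperlink vector described above, as an added example that is not part of the original advisory or of Airmail's code: it scans an HTML message body for URL attributes that use the `airmail:` scheme so such messages can be flagged before delivery. It assumes the command is the first component after the scheme; the function names and the sample body are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that can carry a URL a mail client may follow.
URL_ATTRS = {"href", "src", "action", "formaction"}
BLOCKED_SCHEME = "airmail"

def _normalize(url):
    # URL parsers commonly drop ASCII tab/CR/LF and leading control
    # characters or spaces, so remove them before reading the scheme.
    url = re.sub(r"[\t\r\n]", "", url)
    return re.sub(r"^[\x00-\x20]+", "", url)

class SchemeLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and decodes entities in values,
        # so "&#97;irmail:" is seen here as "airmail:".
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            url = _normalize(value)
            parts = urlsplit(url)
            if parts.scheme.lower() != BLOCKED_SCHEME:
                continue
            # Assumption: the command is the host part ("airmail://send")
            # or the first path segment ("airmail:send").
            command = parts.netloc or parts.path.lstrip("/").split("/")[0]
            self.hits.append({"tag": tag, "command": command.lower(), "url": url})

def find_airmail_links(html_body):
    finder = SchemeLinkFinder()
    finder.feed(html_body)
    finder.close()
    return finder.hits

# Constructed sample body; the query strings are placeholders.
SAMPLE = """<p>Quarterly report attached.</p>
<a href="https://example.com/report">report</a>
<a href="AirMail://send?placeholder=1">view</a>
<a href="&#97;ir&#9;mail://send?placeholder=2">view</a>
<img src="airmail://other">
"""

if __name__ == "__main__":
    for hit in find_airmail_links(SAMPLE):
        print(hit["tag"], hit["command"], hit["url"])
```
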

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2018-15667

Affected Products

Bloop Airmail 3