An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Mail component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature.
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mac_os_x | Apple | * | 10.13.4 (excluding) |