A bug introduced in an iOS software update on the Edison Mail, a popular third-party email app, allow strangers to view emails.
The email app has cautioned thousands of iOS users that their emails may have been affected following a security fault that let complete strangers view emails.
Owned by Edison Software Inc., Edison Mail is in the top 100 output apps on the Apple app store, and is dubbed as “lightning fast and secure mail.” As per Edison Mail, a recent iOS update produced a momentary bug in the app. This fault possibly allowed the unlawful email account access of 6,480 iOS Edison Mail users to other users.
“On Friday, May 15th, 2020, a software update enabled users to manage accounts across their Apple devices,” said Edison in a statement on Sunday. “The issue only impacted a fraction of our iOS app users (and no Android or Mac users were affected). This temporary issue was a bug, and not related to any external security issues.”
The company said it has fixed the issue as of Saturday, and all accounts have been protected.
The problem seemed to arise from a new syncing feature that was unveiled in the Friday update (update 1.20.2), after which numerous Edison Mail users took to Twitter to grumble that they were viewing up to 100 unread email messages from strangers’ accounts under their own Edison Mail inboxes. They could read others’ emails without identifications, the tweets suggested, and couldn’t correct their sync settings to remove the emails.
“Clearly someone with the device “Mandy’s iPhone) currently has full access to my email accounts. Please tell me the data deletion works at least?” one Edison Mail user said on Twitter.
“This is a SIGNIFICANT security issue,” one Twitter user said. “Accessing another’s email w/o credentials! Never trusting this app again.”
On Sunday, Edison Mail emphasized that no passwords or credentials were uncovered or affected. The app also stated that as a safety precaution, the subsequent patch (in version 1.20.4 ) barred all possibly affected users from being able to access any mail from the Edison Mail app.
“We apologize for temporarily pausing the app from working for many users, which was required to ensure the safety and protection of all potentially impacted users,” said Edison Mail.
“As an additional precaution, Edison has already contacted impacted users and asked them to change their email account password,” according to Edison Mail. “If you have not received an email, you were not impacted.”