iOS 16 Mail app can be crashed with this string of text

Every now and then we see a bug in iOS that can render an entire app unusable. In the past, these bugs have affected apps like Safari and Messages. However, a new bug in iOS 16 can completely lock you out of the Mail app with a single email that contains some strange text in the “from” field. Here are the details and how it affects each email service…

iOS 16 Mail app crashes due to junk text

The bug was discovered by the folks at Equinux, which makes a VPN Tracker service for Mac and iPhone. The team discovered this bug in iOS 16 while analyzing spam emails.

We started seeing iOS mail issues for several people on our team: Mail crashed immediately upon launch.

It turns out that the team had all received the same spam message. Looking at the raw source of the message didn’t immediately reveal any red flags – it was a fairly simple HTML email. However, a look at the mail headers showed that the spammers had done something unusual in the “from” field.

Normally, the “From” field in an incoming email looks like this:

But the malicious email has a “From” field that looks like this instead:

  • From: “”@example.com.

What this means, according to Equinux, is that “anyone can send any iOS 16 user an email that can lock them out of their inbox.” They have set up a form field on their website that you can use to test the bug, which they refer to as “Mailjack.”

Mailjack can affect the Mail app on any device running iOS 16 (the stable release), iOS 16.0.1 on iPhone 14, and the latest iPadOS 16 betas. But there are some caveats. Some email services, including Gmail, Outlook and Hotmail, rewrite incoming emails to prevent things like this from happening.

Additionally, Gmail and Yahoo completely block these malicious emails. But one of the email services that does nothing to protect against these emails is iCloud Mail, Apple’s own first-party option. There are also a number of IMAP mail services that “do not correct or rewrite incoming mail.”

A simple way to test is to use your iCloud email account, but note that it may be marked as spam (you should check your spam folder). Note that not all email providers deliver the message, as they may transcribe emails before delivering them to the device.

The email may also get caught in the “Spam” inbox. In this situation, the Mail app will crash every time you check your spam inbox. This is better than having the email appear in your primary inbox, but emails are able to escape to the primary inbox quite easily depending on the sender.

The solution to this problem for now is to delete the email from your account on a device not running iOS 16 or via another email client:

As soon as you delete the email from your account using another device, another email client, or on the web, Mail will refresh your inbox and stop crashing. Moving the email to a subfolder in an IMAP email account will also fix your inbox, but Mail will crash again if you navigate to that folder.

We’ve reached out to Apple for comment. For now, you can test the Mailjack bug yourself on the Equinix website or just check out the GIF below. (I tested it and don’t recommend trying it, but that’s up to you.)

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

William

Leave a Reply

Your email address will not be published.