This exploit demonstrates a file:// XSS vulnerability in Airmail (version 3.0.2 and earlier) on OS X and iOS. It leverages JavaScript URI execution to achieve arbitrary file read via XMLHttpRequest, exploiting the embedded WebKit's handling of URI schemes.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:Airmail 3.0.2 and earlier
No auth needed
Prerequisites:Victim must click on a malicious link in an email