Where Are Emails Stored With Canary Mail App ?



CENSUS ID: CENSUS-2021-0001
CVE ID: CVE-2021-26911
Affected Products: Canary Mail for iOS and MacOS versions 3.20 and 3.21, MailCore2 library version 0.6.4
Class: Improper Certificate Validation (CWE-295)
Discovered by: Rayd Debbas

CENSUS identified that the Canary Mail software in versions 3.20 and 3.21 (and possibly previous versions) is missing a certificate validation check when performing an IMAP connection configured with STARTTLS. This vulnerability allows man-in-the-middle attackers to collect a victim user's email credentials (while these are communicated to the IMAP service), to access email messages and perform other IMAP actions on the victim account, and also to modify email messages while in transit to Canary Mail. CENSUS strongly recommends that iOS and MacOS users of the Canary Mail software update to version 3.22, as this version carries a fix for the aforementioned vulnerability. The same vulnerability also affects other software based on the MailCore2 library (including version 0.6.4). A patch for the library is publicly available; however, it has not yet been incorporated into an official library release.


Vulnerability Details


CENSUS performed a functional security test of a number of mail clients, looking for possible vulnerabilities related to man-in-the-middle attacks. While testing Canary Mail with the IMAP STARTTLS setting, CENSUS found that the iOS and MacOS versions of the software would happily connect to a fake IMAP service introduced by a man-in-the-middle attacker, as they performed no certificate validation. This vulnerability was verified in versions 3.20 and 3.21 of the software.


The vulnerability stems from the fact that for IMAP STARTTLS connections the checkCertificate() method is never called, as shown in the code snippet below:

While the check is there for IMAP TLS (ConnectionTypeTLS) connections, it's missing for connections configured with STARTTLS (ConnectionTypeStartTLS). The above code can be found in mailcore2/src/core/imap/MCIMAPSession.cpp. Canary Mail carries a modified version of the MailCore2 library.
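The control-flow pattern described above, as an added, simplified model (this is not MailCore2 or Canary Mail source code). Only checkCertificate, ConnectionTypeTLS and ConnectionTypeStartTLS are names from this advisory; the Session struct, its fields, the host names and the other functions are hypothetical and constructed for illustration. It contrasts a connect routine that validates the certificate only on the implicit-TLS branch with one that validates after every path that enables TLS.

```cpp
#include <cstdio>
#include <string>

// Simplified model, not MailCore2 source. Only checkCertificate, ConnectionTypeTLS
// and ConnectionTypeStartTLS come from the advisory; other names are hypothetical.
enum ConnectionType { ConnectionTypeStartTLS, ConnectionTypeTLS };
enum ErrorCode { ErrorNone, ErrorCertificate };

struct Session {
    ConnectionType type;
    std::string expectedHost;  // host the user configured
    std::string peerCertHost;  // constructed stand-in: name in the peer certificate
    bool chainTrusted;         // constructed stand-in: chain validation result
    bool tlsActive;
    Session(ConnectionType t, const std::string &host, const std::string &certHost, bool trusted)
        : type(t), expectedHost(host), peerCertHost(certHost), chainTrusted(trusted), tlsActive(false) {}

    bool checkCertificate() const { return chainTrusted && peerCertHost == expectedHost; }
    void handshake() { tlsActive = true; }  // stands in for the TLS handshake or STARTTLS upgrade

    // Flawed pattern: the certificate is validated on the implicit-TLS branch only.
    ErrorCode connectFlawed() {
        if (type == ConnectionTypeStartTLS) {
            handshake();
        } else {
            handshake();
            if (!checkCertificate()) return ErrorCertificate;
        }
        return ErrorNone;
    }
    // Corrected pattern: validate once, after every path that enabled TLS.
    ErrorCode connectFixed() {
        handshake();
        if (tlsActive && !checkCertificate()) return ErrorCertificate;
        return ErrorNone;
    }
};

// True if the client would go on to send its LOGIN credentials to this peer.
bool sendsCredentials(ConnectionType t, bool fixed, bool trustedPeer) {
    const char *certHost = trustedPeer ? "imap.example.test" : "other.example.test";
    Session s(t, "imap.example.test", certHost, trustedPeer);
    return (fixed ? s.connectFixed() : s.connectFlawed()) == ErrorNone;
}

int main() {
    std::printf("flawed STARTTLS, untrusted peer: %d\n", sendsCredentials(ConnectionTypeStartTLS, false, false));
    std::printf("fixed  STARTTLS, untrusted peer: %d\n", sendsCredentials(ConnectionTypeStartTLS, true, false));
}
```

A regression test for a mail client can assert the same property end to end: a STARTTLS session presented with an untrusted certificate must fail before any LOGIN or AUTHENTICATE command is sent.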

MailCore2 is a library with a C++ core for handling email-related protocols that supports builds on iOS, OS X, Android, Windows and Linux. It is used by many applications (the project page mentions 20+ mail applications). The vulnerability is present in version 0.6.4, as is evident in the relevant source code.


Issue testing was conducted on devices running iOS v14.4 and MacOS v10.15.7. Using ettercap in ARP poisoning mode, and starttls-mitm configured for port 143, CENSUS captured a victim account's credentials as illustrated in the screenshot below.

A man-in-the-middle attacker may capture in this way both the user credentials and the email traffic of the victim user. The email traffic may also be modified before it reaches the mail client software, to include malicious messages. Finally, with the email credentials at hand, the attacker may then independently perform any IMAP action on the user's mailbox, such as accessing other email messages stored there (which were not part of the original interception).

Recommendation

The vulnerability has been patched in version 3.22 of the Canary Mail software. The relevant git commit can be found here. iOS and MacOS users of Canary Mail are strongly advised to update to the latest version available. As of this writing, no official release of the MailCore2 library carries the fix; however, the relevant patch is available in the project's 'master' repository branch. It is possible that other mail clients built upon MailCore2 may still be affected by this issue.


Disclosure Timeline


Vendor Contact: February 8, 2021
CVE Allocation: February 8, 2021
Vendor Confirmation: February 10, 2021
Vendor Fix Released: February 16, 2021
Public Advisory: February 17, 2021
Advisory Update: February 18, 2021 (incl. information about MailCore2)
Advisory Update: February 19, 2021 (incl. reference to MailCore2 patch)
