Roy Castillo found the issue in the “mail attachment” feature

Oct 12, 2013 06:35 GMT  ·  By

Security expert Roy Castillo has identified a persistent cross-site scripting (XSS) vulnerability in Gmail for iOS. For his findings, Google has rewarded him with $5,000 (€3,700).

The security hole plagued the “mail attachment” feature. The name of the attached file was not filtered correctly and an attacker could have triggered a stored XSS.

“By using the generated report from Google Analytics I could inject script code that was executed on mail.google.com. The XSS is stored; just simply reopen the mail any time you want,” the expert explained on his blog.

The issue was reported to Google on October 8. It was fixed on October 10.

Check out the steps to reproduce the vulnerability, as described by the expert:

1. Login to Google Analytics
2. Create an account and name it <img src=x onerror=alert(0)>
3. Go to Reporting -> Real Time -> Overview -> Email
4. Send an email to the victim GMail address.
5. Open your GMail for iOS
6. Open the received email.
7. XSSED
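The root cause in miniature, as an added illustration that is not code from the article, the researcher or Google: an attachment name interpolated raw into markup beside the same rendering with HTML escaping, plus a check a test suite could keep as a regression guard. The sample name, function names and wrapper markup are assumptions.

```javascript
// Constructed sample: an attachment name shaped like the Analytics account
// name in the article's steps (not a real file observed anywhere).
const HOSTILE_NAME = '<img src=x onerror=alert(0)>';

// Escape the five HTML metacharacters so the name can only ever be text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable rendering (the bug class described above): the attachment
// name lands in the markup unchanged, so a name that is HTML becomes HTML.
function renderAttachmentUnsafe(name) {
  return `<div class="attachment">${name}</div>`;
}

// Hardened rendering: the name is escaped before it touches the markup.
function renderAttachmentSafe(name) {
  return `<div class="attachment">${escapeHtml(name)}</div>`;
}

// Regression check: after stripping the known wrapper, does anything that
// looks like an element tag remain in what should be plain text?
function containsInjectedTag(html) {
  const inner = html
    .replace(/^<div class="attachment">/, '')
    .replace(/<\/div>$/, '');
  return /<[a-zA-Z]/.test(inner);
}

console.log(renderAttachmentUnsafe(HOSTILE_NAME)); // tag survives
console.log(renderAttachmentSafe(HOSTILE_NAME));   // &lt;img ...&gt;
```

The same escaping must be applied at every sink (subject, sender name, filename), since the stored payload here arrived through an unrelated product's report.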