Thunderbird security update

Thunderbird is Mozilla Corp.’s open-source, cross-platform email, chat, calendar, contacts and newsfeed (RSS) program, which features reliable email processing, smart folders, phishing protection and spam tools, special support for large-file transfers, quick filtering, Web searching, and plug-ins/add-ons for customization. See Thunderbird help topics for more information.

Thunderbird 68.9.0 is a free download for OS X 10.9 and up, as well as Linux and Windows. (Pre-release test versions are also available.)

The latest release brings security fixes, along with a few bug fixes.

iOS Mail actively exploited

Apple’s iOS devices are being actively, remotely hacked via unpatched zero-click email attacks on Apple’s Mail app. Really (extremely) not good…

You’ve Got (0-click) Mail! Unassisted iOS Attacks via MobileMail/Maild in the Wild

  • The vulnerability allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume significant amount of memory
  • The vulnerability does not necessarily require a large email – a regular email which is able to consume enough RAM would be sufficient. There are many ways to achieve such resource exhaustion including RTF, multi-part, and other methods
  • The heap overflow vulnerability is exploited in the wild
  • The vulnerability can be triggered before the entire email is downloaded, hence the email content won’t necessarily remain on the device
  • We are not dismissing the possibility that the attackers deleted any remaining emails following a successful attack
  • Attack on iOS 13: Unassisted (/zero-click) attacks on iOS 13 when Mail application is opened in the background
  • Attack on iOS 12: The attack requires a click on the email. The attack will be triggered before rendering the content. The user won’t notice anything anomalous in the email itself
  • Unassisted attacks on iOS 12 can be triggered (aka zero click) if the attacker controls the mail server
  • The vulnerabilities exist at least since iOS 6 – (issue date: September 2012) – when iPhone 5 was released

Flaw in iPhone, iPads may have allowed hackers to steal data for years
An Apple spokesman acknowledged that a vulnerability exists in Apple’s software for email on iPhones and iPads, known as the Mail app, and that the company had developed a fix, which will be rolled out in a forthcoming update on millions of devices it has sold globally.

Apple declined to comment on Avraham’s research, which was published on Wednesday, that suggests the flaw could be triggered from afar and that it had already been exploited by hackers against high-profile users.

SpamSieve

SpamSieve is an effective anti-spam plug-in from C-Command Software for removing unwanted garbage from Apple Mail, Outlook, Mailsmith, Gyazmail and other email apps. It learns what spam looks like and what good messages look like, using “Bayesian” analysis to improve its filtering and blocklist (which can be viewed and edited, if necessary).

SpamSieve 2.9.39 is priced at $30 for mail clients running in OS X 10.7 and up, with a free trial available. (Older versions of SpamSieve are available with support for even earlier Macs.)

The latest update includes more changes and workarounds for bugs in Apple Mail and macOS 10.15 Catalina, along with other improvements.

Mail Archiver X

Mail Archiver X is a Mac app from Moth Software Mainz (Beatrix Willius) for collecting and archiving into a database email from popular email apps – Entourage, Outlook, Eudora, Apple Mail, Powermail, Postbox, Thunderbird – and it can also import standard mbox files or collect email directly from Gmail, Office 365 Exchange or iCloud. Archived email can be exported in mbox format or to PDF, Evernote, text, FileMaker or SQL formats. Other features include a built-in email viewer, a scheduler, and a template for using FileMaker instead of the internal database, if you prefer.

Mail Archiver X 5.2.0 is priced at $44.95 for OS X 10.11 and up with a 10-day trial period. (Older versions are available with support for earlier Macs.) Multi-computer and multi-user licenses are more expensive. The latest version includes performance and user interface improvements.

EagleFiler

EagleFiler is an information organizer app from C-Command Software (Michael Tsai), designed to manage, archive and search information from email, web pages, PDF files, word processing documents, images, and other files and scraps of data.

Features include quick information import, viewing and archiving, with support for multiple “libraries”, using an open file format; plus file conversion and archiving; tagging and notes; encryption; text editing; data integrity checks; AppleScript support; metadata management; sophisticated searching with smart folders; and more. (See the EagleFiler online manual for full details.)

EagleFiler 1.8.11 is priced at $40 for OS X 10.6 and up, with a free trial available. (Older versions are available with support back to Mac OS X 10.4.)

Emailchemy

Emailchemy is a cross-platform app from Weird Kid Software LLC for converting email files from most popular email applications (including AOL, Apple Mail, Entourage, Eudora, Outlook and more) to standard, portable formats, including RFC-822 mailboxes, Thunderbird folders, Entourage archives, Apple’s Mail.app and more, for conversion and archiving. Features include a built-in IMAP server, de-duplication, and “utilities for splitting, sorting and merging email archives, and harvesting email addresses from email archives.”

Emailchemy 14.3.12 is priced starting at $29.95 (single license) for OS X 10.7 and up, Linux, and Windows. Updates require a renewal purchase after one year. A demo version lets you try the conversion process before purchase. The latest versions has full compatibility with macOS 10.15 Catalina.

Eudora Mailbox Cleaner

Eudora Mailbox Cleaner is an old PowerPC Mac app from Andreas Amann that has the unique ability to clean up Eudora email archives.

Trying to migrate my old messages from Eudora to Apple Mail, I noticed that most of the information got lost or mangled in the process (all messages show up as unread, attachments get lost, non-ASCII character show up incorrect, HTML messages display as code instead of formatted text, …). Since I was not satisfied with this partial import, I wrote ‘Eudora Mailbox Cleaner’ which corrects all these issues. I later realized that problems are more widespread and added additional features to the application in order to support more email clients.

Eudora Mailbox Cleaner 4.9 is a free download for Mac OS X 10.2 through 10.6 only.