An iOS 16 bug is reportedly causing the Mail application on iPhone and iPad models that have been updated to the latest version of Apple's operating system to crash, rendering it inaccessible. The bug comes in the form of an otherwise routine-looking mail message, that has an unusual sender field that includes extra characters that causes the Mail application to crash on iOS 16. The bug has been dubbed “Mailjack” and allows any outsider to lock iPhone and iPad users out of their email accounts with a modified email.
The crash-triggering email was identified by Equinux's VPN Tracker. Generally, the “From” field has the sender's name followed by their email address in the syntax — From: firstname.lastname@example.org. However, the crash-triggering email had the from field syntax as — From: ""@example.com. Mail services like Gmail, Outlook, and Hotmail automatically rewrite such inbound emails with unusual syntax to prevent such triggers.
While Gmail and Yahoo have filters in place to block these maliciously crafted emails altogether, Apple's first-party iCloud Mail does not appear to have any such rewriting or filtering mechanisms in place, as per the report.
The current solution to avoiding the trigger is to delete the message from the inbox or spam folder from a device that is running an older iOS version or via an external email client. Users may also choose to move the trigger email to another subfolder on an IMAP email account. However, navigating to the respective subfolder will cause the application to crash again according to the website. Admins may also choose to add the syntax ""@example.com to their list of blocked emails via email security software or firewall.
Equinux's VPN Tracker has created a dedicated webpage where users can test the bug trigger by entering their email address. However, users are advised not to try this as it could lock them out of their emails unless they have access to an older iOS or external email client to delete the triggering message.
Affiliate links may be automatically generated - see our ethics statement for details.