Visit http://www.latestdigitals.com for the latest digital and technology news. A popular iOS application for managing Google Mail inboxes has disabled JavaScript from running within HTML emails after a security flaw was found. The flaw, which means an attacker could potentially run code from within the body of an email on the user’s phone, was discovered in Mailbox.app by independent security researcher, Michele Spagnuolo. He also demonstrated in a video how this code can be used to open apps and send texts and emails. Bad for security and privacy In his blog, he said: “This is bad for security and privacy, because it allows advanced spam techniques, tracking of user actions, hijacking the user by just opening an email, and potentially much worse things, especially for jailbroken devices.” While this may seem innocuous, Spagnuolo added in a comment on the tech blogging site Ars Technica that even though apps are protected from affecting the wider operating system (through a method known as ‘sandboxing’), this has been broken on more than one occasion, once where Mobile Safari was hacked to transmit the user’s SMS database to a remote server, and again when a website was launched that allowed users to remotely jailbreak their phones via a website. Mailbox responds Mailbox responded a few days later by issuing a fix on their servers which filters out JavaScript, and issued a statement via their blog: “Yesterday evening a security blogger raised concern about Mailbox running javascript within HTML email messages. As many have noted, the real risks presented by running javascript within Mailbox are extremely limited thanks to how iOS is designed.” That being said, today we implemented a process that strips javascript from messages before delivering them to mobile devices. This feature is now live on Mailbox servers and filtering new mail. This will be particularly important as we develop for other platforms, where javascript vulnerabilities could be more of an issue.”