A recent update to the Edison Mail app on iOS has enabled users to view strangers’ emails.
According to The Verge, several of the app’s iOS users contacted the outlet to report that they were given access to other people’s inboxes without ever having the login information to do so. On Twitter, other users noted that they’d experienced the bug as well.
All of these users said the glitch popped up after they downloaded the latest app update, which was intended to allow users to sync data across devices.
In an email to The Verge, an Edison Mail spokesperson confirmed this was a bug related to the update and not a security breach.
“Ten hours ago a software update was rolled out to a small percentage of our user base. Some of these users who received the update are experiencing a flaw in the app impacting email accounts that was brought to our attention this morning,” the company wrote to The Verge. “We have quickly rolled back the update. We are contacting the impacted Edison Mail users (limited to a subset of those users who have updated and opened the app in the last 10 hours) to notify them.”
The company issued a similar statement on Twitter.
At 10:50 PM PST Friday evening a security bug was introduced for a small fraction of our iOS users. We have rolled that update back. All impacted users are being logged out and will need to re-login.
— Edison (@Edison_apps) May 16, 2020
In both cases, Edison only says the bug affected a “small” portion of its iOS user base, so it’s unclear exactly how many people have been affected. Nonetheless, this raises significant privacy concerns, especially as Edison touts itself as a “secure mailbox management” service. It’s currently unclear how, specifically, the update triggered the app vulnerability in the first place.
Via: The Verge