A zero-click security vulnerability in Apple’s macOS Mail would allow a cyberattacker to add or modify any arbitrary file inside Mail’s sandbox environment, leading to a range of attack types.
Exploitation of the bug could lead to unauthorized disclosure of sensitive information to a third party; the ability to modify a victim’s Mail configuration, including mail redirects which enables takeover of victim’s other accounts via password resets; and the ability to change the victim’s configuration so that the attack can propagate to correspondents in a worm-like fashion.