This could be used to leak sensitive information or change mail client settings.

Researcher Mikko Kenttälä explains the technical details of the vulnerability in his blog. Apple already fixed it in July last year, although the technical details could not be published until now.

Mikko participated in Apple’s Bug Bounty programme and studied vulnerabilities that could be exploited without user interaction. During the investigation, he found that some parts of the unzipped file were not properly removed from the temporary directory created by Mail. In addition, this temporary directory was not limited to the context of the application and could be accessed with write permissions.

Link to the news: https://cutt.ly/zcD1AbJ