Can just opening email infect Mac in any way?

Discussion in 'Mac Basics and Help' started by Hans12, Jun 11, 2017.

Tags:
  1. Hans12 macrumors newbie

    Joined:
    Jun 11, 2017
    #1
    Hello!

    I'd like opinion on this:

    If I open email and see text, can it infect my Mac? Not opening attachments, just email itself. Can that be dangerous? I delete all suspicious and unknown ones, but there are few where I can't be sure or have to see the insides.

    I have no real time scanner and sometimes run Malwarebytes.
     
  2. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #2
    No. You would need to actually enter your password and install something for it to do anything. Just reading a file will not infect your Mac.
     
  3. Hans12, Jun 11, 2017
    Last edited: Jun 11, 2017

    Hans12 thread starter macrumors newbie

    Joined:
    Jun 11, 2017
    #3
    Thank you very much! To be sure language barrier is not making me miss something:

    Nothing bad will happen if I simply
    1) click on email to open it
    2) check the email text itself
    3) ignore links
    4) ignore attachments

    Correct?


    EDIT: I access Gmail directly, not using Apple mail apps if that has any importance in this question.
     
  4. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #4
    Exactly. :)
     
  5. Hans12 thread starter macrumors newbie

    Joined:
    Jun 11, 2017
    #5
    Thank you, Weaselboy! :D

    Not exactly this topic, but is there any difference between using email app and just logging straight into gmail? I've never used mail apps, just gone straight into mail server. Could it be more dangerous or safer?
     
  6. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #6
    Not really any difference. The big issue with both is never enter your password to allow anything to install.
     
  7. Hans12 thread starter macrumors newbie

    Joined:
    Jun 11, 2017
    #7
    Thank you for all the help!
     
  8. jtara macrumors 65816

    Joined:
    Mar 23, 2009
    #8
    It depends COMPLETELY on how you read your email. And just what you call "infect".

    You might read in a browser, (and there are many choices of browsers) you might read in Mail, you might read in some third-party installed application (I use Postbox).

    Each of the above might have vulnerabilities that could be exploited.

    Most/many ways of reading email support viewing HTML and also Javascript execution. An email reader might also support extensions, and there might be a route from the Javascript to exploit an extension. An extension may provide some direct access to local files.

    If nothing else, some Javascript can make life difficult in your browser. And there are people silly enough to try to exploit Javascript execution for Bitcoin mining (and thus waste some amount of electricity.)

    So, yes, it COULD happen. In fact it HAS on Windows systems.
     
  9. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #9
    The risk is small, but nevertheless there. For these purposes, Apple uses sandboxing and other strategies in its own applications to minimise potential attacks. App Store applications are also sandboxed per Apple's policy. As long as you keep these up-to-date and use a bit of caution, there is generally nothing to worry about.

    It is a good idea to disable the automatic loading of images and attachments in your e-mail client. Never open attachments you don't trust and use spam protection to sort out known junk mail.
    --- Post Merged, Jun 11, 2017 ---
    Most email clients do not support JavaScript execution. I think, but am not sure, that Apple’s Mail apps don't support this.
     
  10. 960design macrumors 68020

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
    #10
    Just to clarify, all current versions of email clients that I have tested do not support javascript execution. This includes: Thunderbird, Outlook Client, Outlook Webclient, Apple Email, and several other common web clients.

    Not so old versions of Outlook will indeed allow javascript execution, so be careful that you've updated if using anything Microsoft based.

    Scripts can/are still hidden in zipped Excel files.
     

Share This Page