The Bat! v8.2 Overcomes Mailsploit Vulnerabilities
The developers of The Bat! were quick to react to Mailsploit, a recently discovered set of vulnerabilities in email programs. At least 30 email programs from various vendors were affected by Mailsploit, including most popular programs. It was possible to spoof the sender’s email address by using a specially crafted data.
In The Bat! version 8.2, we implemented a new context-aware message header decoder to address the Mailsploit issues. Besides that, we have improved The Bat! to made the following checks in the display name part of an address: if it contains an "@" character or any control character (such as "carriage return", "line feed" or "null" characters), then such a name part is discarded, and the user sees real email address rather than a fake one put to the sender’s name part.
To address the Mailspoit issues, The Bat! version 8.2 features a new format of the message base indices, therefore earlier versions of The Bat! are unable to display, in the message list, senders and recipients of the messages received by the new version. As a result, you will not be able to use the same message base in different versions of The Bat!
In this version of the program we also resolved problems in CardDAV, in HTML-editor, and made improvements in the multi-threaded locking mechanism and on modern processors that are equipped with AVX-512 instructions.
See the entire list of changes and improvements.