This one weird script continually crashes Android email

The email application of Samsung Galaxy 4 Minis can be made to repeatedly crash with a simple email that need not even be opened, according to researcher Hector Marco.

A crafted email gobbled up by the native email client running on Android 4.2.2.0400, a superseded operating system that was the latest stock offering for the S4 Mini.

Marco did not specify if the bug also bites earlier Android versions, but if that is the case this flaw will impact a great many more users. Google estimates 52.4 percent of users operate Android version 4.2 and earlier, while 19.8 percent run 4.2.x.

"An attacker can remotely perform an denial of service attack by sending a specially crafted email," Marco wrote in an advisory.

"When the victim receives the malicious email, the application crashes while trying to download the email ... the email application can not be used until the offending email is removed.

"No interaction from the user is needed to produce the crash just receive the malicious email."

The denial of service vulnerability (CVE-2015-1574) centres on an incorrect handling of the Content-Disposition header, Marco said.

Users can get around the attack and remove the offending email by enabling airplane mode or logging in through the web version of their mail service.

The best way would be to update their operating systems to a newer version which closed the vulnerability.

However Marco's proof of concept Python script could prove popular with internet idiots and phishers wanting to target those stuck on S4 Mini ROMs.

Cynics could look to the 60 percent of Android users still running the outdated 4.4 operating system and below to suggest those capable of updating probably won't.

Punters on affected Minis could follow suit of countless other Android users stuck on old operating systems thanks to lazy telcos and phone manufacturers and leap to one of the many vibrant custom offerings such as the popular CyanogenMod.

That process often required phones to be rooted however which could invalidate warranties if a sneaky reversal process was not possible. ®