Can just opening email infect Mac in any way?

[Hans12]

Hello!

I'd like opinion on this:

If I open email and see text, can it infect my Mac? Not opening attachments, just email itself. Can that be dangerous? I delete all suspicious and unknown ones, but there are few where I can't be sure or have to see the insides.

I have no real time scanner and sometimes run Malwarebytes.

 

[Weaselboy]

No. You would need to actually enter your password and install something for it to do anything. Just reading a file will not infect your Mac.

 

[Hans12]

No. You would need to actually enter your password and install something for it to do anything. Just reading a file will not infect your Mac.

Thank you very much! To be sure language barrier is not making me miss something:

Nothing bad will happen if I simply
1) click on email to open it
2) check the email text itself
3) ignore links
4) ignore attachments

Correct?


EDIT: I access Gmail directly, not using Apple mail apps if that has any importance in this question.

 

[Weaselboy]

Correct?

Exactly.

 

[Hans12]

Exactly.

Thank you, Weaselboy!

Not exactly this topic, but is there any difference between using email app and just logging straight into gmail? I've never used mail apps, just gone straight into mail server. Could it be more dangerous or safer?

 

[Weaselboy]

Thank you, Weaselboy!

Not exactly this topic, but is there any difference between using email app and just logging straight into gmail? I've never used mail apps, just gone straight into mail server. Could it be more dangerous or safer?

Not really any difference. The big issue with both is never enter your password to allow anything to install.

 

[Hans12]

Not really any difference. The big issue with both is never enter your password to allow anything to install.

Thank you for all the help!

 

[jtara]

It depends COMPLETELY on how you read your email. And just what you call "infect".

You might read in a browser, (and there are many choices of browsers) you might read in Mail, you might read in some third-party installed application (I use Postbox).

Each of the above might have vulnerabilities that could be exploited.

Most/many ways of reading email support viewing HTML and also Javascript execution. An email reader might also support extensions, and there might be a route from the Javascript to exploit an extension. An extension may provide some direct access to local files.

If nothing else, some Javascript can make life difficult in your browser. And there are people silly enough to try to exploit Javascript execution for Bitcoin mining (and thus waste some amount of electricity.)

So, yes, it COULD happen. In fact it HAS on Windows systems.

 

[KALLT]

The risk is small, but nevertheless there. For these purposes, Apple uses sandboxing and other strategies in its own applications to minimise potential attacks. App Store applications are also sandboxed per Apple's policy. As long as you keep these up-to-date and use a bit of caution, there is generally nothing to worry about.

It is a good idea to disable the automatic loading of images and attachments in your e-mail client. Never open attachments you don't trust and use spam protection to sort out known junk mail.
[doublepost=1497217911][/doublepost]

Most/many ways of reading email support viewing HTML and also Javascript execution. An email reader might also support extensions, and there might be a route from the Javascript to exploit an extension. An extension may provide some direct access to local files.

Most email clients do not support JavaScript execution. I think, but am not sure, that Apple’s Mail apps don't support this.

 

[960design]

Most email clients do not support JavaScript execution. I think, but am not sure, that Apple’s Mail apps don't support this.

Just to clarify, all current versions of email clients that I have tested do not support javascript execution. This includes: Thunderbird, Outlook Client, Outlook Webclient, Apple Email, and several other common web clients.

Not so old versions of Outlook will indeed allow javascript execution, so be careful that you've updated if using anything Microsoft based.

Scripts can/are still hidden in zipped Excel files.