Mailbox, the tidy iOS email app recently purchased by Dropbox, has a pretty wide-open hole that could allow bad actors to hijack your device. And unlike phishing attempts that should probably set off your sketchiness detector, this flaw involves emails that look completely innocuous. As Italian researcher Michele Spagnuolo shows, the Mailbox app will execute any JavaScript code embedded in the body of an HTML email message. While the video demonstrates the flaw by launching some pretty low-key apps, maliciously-coded emails could cause your phone to compromise some very important personal data. There doesn’t seem to be a fix for the issue just yet, so if you’re using Mailbox on your iOS device, it’s probably a good idea to switch to another email app until this problem is sorted.