A new bug has been discovered deep within the native iOS Mail app by /1//10//11//12/Soucek
A new bug in the IOS Mail app jeopardizes security by allowing hackers to produce surprisingly official looking iCloud authentication popup that indirectly forms a perfect way to steal their login credentials. The bug was discovered by /1//10//11//12/Soucek (Email and Security specialist with Ernst and Young). He discovered that there was a vulnerability in the Mail app and that the bug takes full advantage of it.
Left unpatched, the bug has the potential to affect millions of iOS users who frequently check their incoming emails on iPhones, iPads and iPod Touch. The bug is extremely deceptive owing to the fact that it shares the same official look and encourages the users to enter their sensitive information. And since they look and feel like Apple’s own prompts, the chance of it tricking the users to enter email address and password are is very high.
The worst part being that user has no clue if it is the official thing or the bug, and where his sensitive information might end up. Exploiting the bug in the Mail app allows remote HTML content to be loaded when viewing an email received on an iOS device, and that allows for the perfect rendering of the official looking iCloud prompts. It can be styled and themed to have the exact same look of the official iCloud authentication prompt. /1//10//11//12/Soucek had originally discovered the bug in January 2015 and had notified Apple of its existence, but claims that Apple did not respond to his discovery. For iOS users, this is indeed a tricky bug and so we warned of these official looking notifications.
It’s in the best interest not to enter your iCloud password when prompted inside the Mail app. And in the mean time, we hope that Apple offers the iOS users an official fix so that they can use their Apple devices with a peace of mind.
You /4/Also Like
Share this Story
Read the Latest from I4U News