IOS Mail flaw facilitates iCloud password theft

IOS Mail flaw facilitates iCloud password theft

Jan Souek discovered a security breach in the Mail for iOS in mid-January, Apple reported in a Bug Reporter report (# 19479280), but in the absence of a return or the problem itself, he has now decided to publish the source code of his proof of concept on GitHub .

According to Souek, the bug allows crackers create emails that carry remote HTML / CSS content and can, for example, open a little window asking the person's iCloud username and password. The video below shows how this works:

The perfect example because iOS often requires the confirmation of the iCloud password at times like this, so for some they fall into the very easy trap.

Souek says he discovered the flaw in iOS 8.1.1 and that it remains uncorrected even in the current stable version of the operating system, 8.3. Let's see if, now that the thing is really being commented on by, Apple already closes the gap before the release of iOS 8.4.

(via The Register)