Home / News / Apple / Your iOS email app could reveal your password: Report

Your iOS email app could reveal your password: Report


Security researcher Jan Soucek has discovered a potential flaw in the iOS Mail app that could trick users into revealing their password. A report in 9to5mac says, “allowed an attacker to run remote HTML code when an email is opened. That code could easily imitate an iCloud login prompt, fooling users into giving away their Apple ID credentials.”

On his GitHub page, Soucek reveals, “Back in January 2015, I stumbled upon a bug in iOS’s mail client, resulting in <meta http-equiv=refresh> HTML tag in e-mail messages not being ignored. This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password “collector” using simple HTML and CSS.”

He goes on to add that the bug was filed under “Radar #19479280 back in January, but the fix was not delivered in any of the iOS updates following 8.1.2. Therefore I decided to publish the proof of concept code here.”

You could watch the video here:

About techfoogle

Check Also

Samsung Galaxy Note 20 Series Unpacked

Samsung Galaxy Note 20 Series launching today, see live events

     The event will be telecast from 7.30 pm      Launching of Galaxy …

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.