Home / News / Apple / Your iOS email app could reveal your password: Report

Your iOS email app could reveal your password: Report

iPhone_AFP_NEW-624x351

Security researcher Jan Soucek has discovered a potential flaw in the iOS Mail app that could trick users into revealing their password. A report in 9to5mac says, “allowed an attacker to run remote HTML code when an email is opened. That code could easily imitate an iCloud login prompt, fooling users into giving away their Apple ID credentials.”

On his GitHub page, Soucek reveals, “Back in January 2015, I stumbled upon a bug in iOS’s mail client, resulting in <meta http-equiv=refresh> HTML tag in e-mail messages not being ignored. This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password “collector” using simple HTML and CSS.”

He goes on to add that the bug was filed under “Radar #19479280 back in January, but the fix was not delivered in any of the iOS updates following 8.1.2. Therefore I decided to publish the proof of concept code here.”

You could watch the video here:

About techfoogle

Check Also

miui 11

Redmi K20 Pro gets MIUI 11 Global Stable Update

Xiaomi recently announced to roll out MIUI 11 Global Stable ROM update for many smartphones …

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.