Warning: Major iPhone security flaw makes it painfully easy to steal your password

Zach Epstein

June 10, 2015 at 10:18 AM

Apple’s iOS platform is one of the most secure mobile operating systems in the world, and each release brings new security features and enhancements. iPhones and iPads are proliferating in the workplace at a rapid pace, and even spy agencies tend to have difficulties cracking encrypted communications that originate on an iOS device.

But no software is without flaws, and a new security vulnerability makes iPhones and iPads painfully vulnerable to phishing scams that can easily allow someone to steal your Apple ID username and password.

DON’T MISS: New update brings the best Google Maps feature iOS has seen in months – here’s how to use it

Ernst and Young security researcher Jan Soucek has built a tool the likes of which could easily trick iPhone and iPad users into handing over the usernames and passwords tied to their email accounts or even Apple IDs.

As noted by The Register, Soucek’s tool takes advantage of a potential flaw in Apple’s iOS Mail app that automatically loads remote HTML content. The researcher has simply created HTML pop-ups that look exactly like the dialog box that appears when an iOS device requires the user to reenter his or her email credentials or Apple ID.

Unsuspecting victims are so used to seeing these dialog boxes, that the odds are good they would just enter their email addresses and passwords without thinking twice. Once this sensitive information is entered and the user taps OK, his or her credentials are sent to a remote server where hackers can access them.

“Back in January 2015 I stumbled upon a bug in iOS’s mail client, resulting in HTML tag in e-mail messages not being ignored,” Soucek said on the GitHub page hosting his project. “This bug allows remote HTML content to be loaded, replacing the content of the original email message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password ‘collector’ using simple HTML and CSS. It was filed under Radar #19479280 back in January, but the fix was not delivered in any of the iOS updates following 8.1.2.”

As noted by the researcher, Apple has yet to address the issue.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Warning: Major iPhone security flaw makes it painfully easy to steal your password

Recommended Stories

NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in

Jamie Dimon is worried the US economy is headed back to the 1970s

Broncos, Jets, Lions and Texans have new uniforms. Let's rank them

Based on the odds, here's what the top 10 picks of the NFL Draft will be

Luka makes Clippers look old, Suns are in big trouble & a funeral for Lakers | Good Word with Goodwill

Dave McCarty, player on 2004 Red Sox championship team, dies 1 week after team's reunion

Everyone's still talking about the 'SNL' Beavis and Butt-Head sketch. Cast members and experts explain why it's an instant classic.

These are the fastest-selling new cars of 2024

Ryan Garcia drops Devin Haney 3 times en route to stunning upset

These are the cars being discontinued for 2024 and beyond

Chiefs make Andy Reid NFL's highest-paid coach, sign president Mark Donovan, GM Brett Veach to extensions

Arch Manning dominates in the Texas spring game, and Jaden Rashada enters the transfer portal

Yankees' Nestor Cortés told by MLB his pump-fake pitch is illegal

Here’s when people think old age begins — and why experts think it’s starting later

Retirement confidence in the US ticks up; new rule for financial advisers is set to start

Donald Trump nabs additional $1.2 billion 'earnout' bonus from DJT stock

WNBA Draft winners and losers: As you may have guessed, the Fever did pretty well. The Liberty? Perhaps not

Jets trade QB Zach Wilson to Broncos

Report: Red Bull Racing chief designer Adrian Newey to leave Formula 1 team

Charlie Woods, Tiger Woods’ 15-year-old son, fails to advance in U.S. Open qualifier