iOS Mail App Flaw Allows Attackers To Steal User Credentials

ios mail app flaw

Security researcher Jan Soucek has revealed a flaw in iOS Mail app that allows attackers to perform convincing phishing attacks. The flaw allows attackers to replace the content of the original e-mail message with external HTML codes.

"JavaScript is disabled in this UIWebView, but it is still possible to build a functional password 'collector' using simple HTML and CSS," Soucek says.

The researcher says that he had reported the bug to Apple in January. But still there is no fix available for this issue.

He has also created a tool capable of generating iCloud password phishing emails that exploits the bug. You can get the proof-of-concept code from GitHub.

In this attack, the victims will only see a pop-up with the iOS Mail app that looks like regular iCloud authentication request:




Here is the demonstration video:


What you think about his publication of the tool, is it malicious? let us know in the comment box below.

No comments

Powered by Blogger.