HACKINTOSH.ORG | Macintosh discussion forums

Macintosh News => Apple News => Topic started by: HCK on June 12, 2015, 09:00:12 pm



Title: Apple Mail flaw could pose risk to iCloud passwords
Post by: HCK on June 12, 2015, 09:00:12 pm
Apple Mail flaw could pose risk to iCloud passwords

<article>
   <section class="page">
<p>
A security researcher says a vulnerability in Appleā€™s mobile email application could be used to trick someone into divulging their iCloud password.</p><p>
Prague-based Jan Soucek (https://twitter.com/jansoucek) published proof-of-concept code (https://github.com/jansoucek/iOS-Mail.app-inject-kit/tree/master) that shows how he could send an email to someone with HTML code that resembles the iCloud login pop-up window. Soucek then receives an email containing the password.</p><p>
The vulnerability allows remote HTML content to be loaded in an email, which replaces the content of the email message. Soucek wrote he then built a functional password collector using HTML and CSS. He also published a demonstration video (https://www.youtube.com/watch?v=9wiMG-oqKf0).</p><p class="jumpTag"><a href="/article/2934552/apple-mail-flaw-could-pose-risk-to-icloud-passwords.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article>

Source: Apple Mail flaw could pose risk to iCloud passwords (http://www.macworld.com/article/2934552/apple-mail-flaw-could-pose-risk-to-icloud-passwords.html#tk.rss_all)