iOS Mail App Download – Fix iCloud Passwords Bugs
Apparently, Apple has left an unpatched bug in the Mail app that could pose a security threat to consumers, because they might be fooled into entering their iCloud passwords. Ill-intentioned phishers would get their hands on these passwords and use them in their own interest.
Soucek demonstrated that everything looks perfectly normal: because the password field has autofocus enabled, Apple’s official password prompt is mimicked. Users who need to log into their iCloud accounts again are advised to wait until they are prompted while not using Mail.
Soucek explained that in January 2015 he found this bug in the Mail app, which results in HTML tags in email messages not being ignored. The vulnerability was filed under Radar #19479280, but Apple didn’t fix the bug, and Soucek thought it was his duty to warn users about the danger. That’s why he published the proof-of-concept code on GitHub.
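A mail gateway or filtering rule can look for the markup described above (HTML that is not ignored, and a password field with autofocus) before a message reaches the client. The following Python is an added example, not Soucek's proof of concept or Apple's code; the function names and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

class PromptFinder(HTMLParser):
    """Collects markup that lets an e-mail body imitate a login prompt."""
    def __init__(self):
        super().__init__()
        self.findings = set()

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; valueless attributes map to None.
        attrs = dict(attrs)
        if tag == "form":
            self.findings.add("form")
        if tag == "input":
            if (attrs.get("type") or "").lower() == "password":
                self.findings.add("password-field")
            if "autofocus" in attrs:
                self.findings.add("autofocus")

def scan_message(raw):
    """Return sorted findings across every text/html part of a raw message."""
    msg = message_from_string(raw, policy=default)
    finder = PromptFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    finder.close()
    return sorted(finder.findings)

def is_suspicious(raw):
    """Flag any message whose HTML body carries a password field."""
    return "password-field" in scan_message(raw)

# Constructed sample messages (not taken from the article or the proof of concept).
HEADERS = ("From: sender@example.test\nTo: user@example.test\n"
           "Subject: constructed sample\nMIME-Version: 1.0\n"
           "Content-Type: text/html; charset=utf-8\n\n")
PROMPT_MAIL = HEADERS + ("<html><body><form>"
                         "<input type='PASSWORD' name='p' autofocus>"
                         "</form></body></html>\n")
BENIGN_MAIL = HEADERS + "<html><body><p>Hello <b>there</b></p></body></html>\n"

if __name__ == "__main__":
    for name, raw in (("prompt", PROMPT_MAIL), ("benign", BENIGN_MAIL)):
        print(name, is_suspicious(raw), scan_message(raw))
```
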
Apple became aware of this problem, but one of the specialists said that this isn’t a “serious” security flaw, because the device’s data isn’t compromised. However, it is very serious, because it is not an old-school security issue but a combination of social engineering and cloud services.
Last fall, there was a huge scandal involving many celebrities whose nude photos were stolen from their iCloud accounts, and Apple came out with a guide teaching its users to visit the genuine iCloud page. The FBI investigated a hacker after their attention was drawn by a flagged IP address.