Apple iPhone Security Flaw Allows Easy Access to Passwords [Watch]
According to GitHub, the Apple iPhone has a major security flaw that may allow phishers to steal your password. It comes out of the mail client in Apple's iOS software and allows a few nasty things that you may want to be aware of.
The article, written by Jan Soucek, reveals the bug resulted in HTML tag in email messages not being ignored, which in turn allows remote access to the iPhone and HTML content can then be loaded, which will replace the contents of an email you originally composed.
In this UI Web View, the Java Script is disabled. That doesn't mean that it is not able to collect data though. It can still run a functional password collector using a very basic HTML and CSS program.
The issue was filed in January under Radar #19479280, but apparently, there were no fixes offered in the iOS updates after 8.1.2. See the Soucek's video below for a detailed example of how this bug works.
The Register reports that Soucek has created this tool capable of stealing iPhone passwords and iCloud passwords. It comes in a basic email that has phishing code installed. Soucek did this in an attempt to expose the flaw and bring it to Apple's attention.
This unpatched bug will affect millions of iPhone users worldwide and can lead to potentially devastating consequences should they fall victim to malicious phishing software, such as that in the example video Soucek just showed you.
His developed phishing code should not be considered malicious, but rather a way to shore up engineering awareness to increase security for private users and companies private or proprietary information. This security flaw is known by Apple via Soucek's correspondence, but there has been no response by the company as to when or how this issue will be resolved in future iOS updates.
Subscribe to Latin Post!
Sign up for our free newsletter for the Latest coverage!
* This is a contributed article and this content does not necessarily represent the views of latinpost.com