Stay Safe: Bug in iOS Mail Allows Phishing Attacks


A security researcher has uncovered a bug in iOS Mail that allows an attacker to remotely run HTML code on a computer when an email is opened. The researcher, Jan Soucek, first discovered the issue back in January and reported it to Apple so that it could be fixed. Since it’s now five months later and no update has closed the security hole, Soucek has published the source code for his demonstration on GitHub and created a video showing the exploit in action. Soucek is concerned that the issue opens the door to very convincing-looking phishing attacks.

Phishing is the name given to the practice of using convincing-looking emails or other tools to extract name and password information from unsuspecting computer users. Once you’ve inadvertently supplied a malicious third party with that information, it can be used for the purpose of monetary or identity theft.

Soucek’s video shows the exploit being used on both an iPad and an iPhone to prompt a user to enter his or her user name and password. In his example, the malicious code creates a very real-looking password prompt that requests the user’s Apple ID.

What can you do to stay safe until the bug is fixed? If you’re in Mail and you are prompted for a password, just cancel the prompt — assume that any login prompt you see while in Mail is malicious. If you are in another app and are still prompted to log into a service, chances are quite good that it’s a valid request for a login and you can proceed. It would probably be a much better idea to just get out of any app and use other means to log into the service requesting the password, such as logging in through Settings.

Steve Sande