{"id":31185,"date":"2015-06-10T10:17:50","date_gmt":"2015-06-10T15:17:50","guid":{"rendered":"https:\/\/eshop.macsales.com\/blog\/?p=31185"},"modified":"2015-06-10T15:17:49","modified_gmt":"2015-06-10T20:17:49","slug":"stay-safe-bug-in-ios-mail-allows-phishing-attacks","status":"publish","type":"post","link":"https:\/\/eshop.macsales.com\/blog\/31185-stay-safe-bug-in-ios-mail-allows-phishing-attacks\/","title":{"rendered":"Stay Safe: Bug in iOS Mail Allows Phishing Attacks"},"content":{"rendered":"
\"Phishing\"<\/a>
Image via Allstate.com<\/figcaption><\/figure>\n

A security researcher has uncovered a bug in iOS Mail that allows an attacker to remotely run HTML code on a computer when an email is opened. The researcher, Jan Soucek, first discovered the issue back in January and reported it to Apple so that it could be fixed. Since it’s now five months later and\u00a0no update has closed the security hole, Soucek has published his source code for his demonstration on Github<\/a> and created a video showing the exploit in action. Soucek is concerned that the issue opens the door to very convincing-looking phishing attacks.<\/p>\n

Phishing is the name given to the practice of using convincing-looking emails or other tools to extract name and password information from unsuspecting computer users. Once you’ve inadvertently supplied a malicious third party with that information, it can be used for the purpose of monetary or identity theft.<\/p>\n

Here’s the video Soucek created, showing the exploit being used on both an iPad and an iPhone to prompt a user to enter his or her user name and password. In his example, the malicious code creates a very real-looking password prompt that’s requesting a user’s Apple ID:<\/p>\n