The company must stop this in email app’s ASAP.
Wednesday, 10th June 2015 – 6:18 p.m.
Security Expert January Souček has made a frightening good proof of concept-phishing email by leveraging weaknesses in Apple’s mail app for iPhone and iPad.
This should Apple fix
this by creating a pop-up message that looks very similar to the the real Apple serves its customers when the system has a question the user has to decide.
“In January this year I stumbled across an error iOS ‘their email client. Hole means that HTML tags in an email message not be ignored.
The bug is that HTML content from a remote server loaded and replace the content of the original email. “
Easy with basic knowledge
” Javascript is always disabled in UIWebView, but it is still possible to build a functional Password collect using simple HTML and CSS “, warns Souček.
According to the same man has Apple not responded to the inquiry his January. The error is still finding the latest iOS version 8.3.
We have recently even received scam email with Apple logo that tries to trick us to reimburse app purchases with a dangerous link. Be wary.
To see scam dialog box out in email app that can get usernames and passwords:
Source:
January Soucek
No comments:
Post a Comment